VMware Response to CVE-2021-44228 and CVE-2021-45046: Apache Log4j Remote Code Execution

Article ID: 317588

Updated On:

Products

VMware vSphere ESXi, VMware vCenter Server, VMware Desktop Hypervisor, VMware Aria Suite, VMware NSX, VMware vSAN

Issue/Introduction

CVE-2021-44228 and CVE-2021-45046 have been determined to impact multiple VMware products via the Apache Log4j open source component they ship. These vulnerabilities and their impact on VMware products are documented in the following VMware Security Advisory (VMSA); please review this document before continuing:

Resolution

Products NOT impacted by CVE-2021-44228 and CVE-2021-45046:

  • VMware vSphere ESXi
  • VMware Cloud Director (VCD)
  • VMware Cloud Director Availability
  • VMware NSX Advanced Load Balancer (Avi)   
  • VMware Workspace ONE Assist
  • VMware RemoteHelp
  • VMware vCloud Usage Meter
  • VMware Tanzu Kubernetes Grid
  • SaltStack
  • VMware App Volumes 
  • VMware ThinApp
  • ThinApp SDK
  • Dynamic Environment Manager (DEM) 
  • Workspace ONE Unified Endpoint Management (UEM)
  • VMware Postgres
  • VMware Tanzu RabbitMQ
  • VMware Tanzu RabbitMQ for Kubernetes
  • VMware Tanzu RabbitMQ for VMs
  • VMware Tanzu SQL with Postgres for Kubernetes
  • VMware Tanzu SQL with MySQL for Kubernetes
  • Data Management for VMware Tanzu (DMS)
  • VMware Telco Cloud Automation (TCA)
  • VMware Workstation
  • VMware Fusion
  • VMware Skyline Collector virtual appliance
  • Workspace ONE Intelligence
  • MySQL for TAS (Tanzu Application Service)
  • VMware Workstation Player
  • Cloud Director App Launchpad
  • AirWatch Cloud Connector
  • VMware NSX Lastline Defender On-Premises
  • VMware NSX Lastline Defender Hosted/SaaS
  • Update Manager Download Service (UMDS)
  • Metric Store
  • Event Alerts
  • VMware Workspace ONE Assist for Horizon
  • VMware Tools
  • VMware Tanzu Toolkit for Kubernetes
  • Secure Email Gateway
  • VMware Cloud Director App Launchpad
  • Skyline Health Diagnostics 
  • Carbon Black App Control
  • VMware Tanzu Build Service
  • Workspace ONE Tunnel
  • VMware Email Notification Service 2
  • VMware vRealize Log Insight Cloud Proxy
  • VMware Remote Console (VMRC)
  • VMware Cloud Services Cloud Proxy
  • vRealize AI Cloud Cloud Proxy

Note: Additional products will be published in this article following further review.

Additional Information

Change log:

December 13th 2021 - 10:15 PT | Products added: vRealize Log Insight, VMware Skyline Collector virtual appliance, Workspace ONE Intelligence, MySQL for TAS (Tanzu Application Service), VMware Workstation Player, Cloud Director App Launchpad, vROps TenantApp, AirWatch Cloud Connector

December 13th 2021 - 10:23 PT | Products added: NSX Lastline Defender

December 13th 2021 - 10:45 PT | Products added: Update Manager Download Service

December 13th 2021 - 11:42 PT | Product removed: vRealize Log Insight

December 13th 2021 - 1:57 PT | Products added: VMware NSX Lastline Defender Hosted/SaaS and Edited: VMware NSX Lastline Defender On-Premises

December 13th 2021 - 3:17pm PT | Product removed: VMware Tanzu Scheduler

December 14th 2021 - 5:00 pm IST | Removed a few products

December 14th 2021 - 5:07 | Products added: metrics store, Event Alerts, VMware Workspace ONE Assist for Horizon, VMware Tools, VMware Tanzu Toolkit for Kubernetes, Secure Email Gateway, VMware Cloud Director App Launchpad

December 14th 2021 - 9:29AM PST | Added the product Skyline Health Diagnostics

December 14th 2021 - 10:32AM PST | Added Carbon Black App Control

December 15th 2021 - 1:32 PM IST | Removed VMware Software-Defined WAN (SD-WAN)

December 15th 2021 - 7:29 PM IST | Added VMware Tanzu Build Service, Event alerts, Workspace ONE Tunnel, VMware Email Notification Service 2

December 15th 2021 - 6:07am PT | Added: VMware Postgres, VMware Tanzu SQL with Postgres for Kubernetes, VMware Tanzu SQL with MySQL for Kubernetes, Data Management for VMware Tanzu

December 16th 2021 - 12:12pm PT | Edited to include CVE-2021-45046

December 17th 2021 - 11:00 am IST | Removed vROps TenantApp

December 17th 2021 - 4:31PM IST | Added VMware vRealize Log Insight Cloud Proxy, VMware Remote Console (VMRC)

December 17th 2021 - 2:45pm PT | Renamed VMware Director Availability to VMware Cloud Director Availability

January 04th 2021 - 12:01 IST | Added VMware Cloud Services Cloud Proxy, vRealize AI Cloud Cloud Proxy