CVE-2021-44228 and CVE-2021-45046 have been determined to impact vRealize Operations Cloud via the Apache Log4j open source component it ships. This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA), please review this document before continuing:
TVS Management Packs Affected:
- TVS MP for Apache Tomcat
- TVS MP for Citrix ADC
- vROps MP for Dell EMC Isilon (formerly TVS MP for Dell EMC Isilon)
- vROps MP for Dell EMC Powermax-VMax (formerly TVS MP for Dell EMC Powermax-VMax)
- vROps MP for Dell EMC Xtremio (formerly TVS MP for Dell EMC Xtremio)
- TVS MP for F5 Big-IP
- vROps MP for HPE 3Par StoreServ (formerly TVS MP for HPE 3Par StoreServ)
- vROps MP for HPE Nimble, formerly TVS MP for HPE Nimble
- vROps MP for HPE Proliant (formerly TVS MP for HPE Proliant)
- vROps MP for Netapp E-Series (formerly TVS MP for Netapp E-Series)
- TVS MP for Nutanix
- TVS MP for Redhat JBOSS EAP
- TVS MP for SAP
- TVS MP for Meditech
Note: Both on-prem and cloud deployments are affected.
vRealize Operations Cloud Deployments:
We have taken the necessary actions to protect your environment from exploitation due to CVE-2021-44228. The vRealize Operations Cloud services have already been patched. Any Cloud Proxy appliances deployed on your local site(s) must have the workaround implemented manually by following the steps in the article.