OpenJDK 8 running on some vCenter versions is flagged as vulnerable to CVE-2023-21930


Article ID: 368748

Products

VMware vCenter Server

Issue/Introduction

Security scans may flag the OpenJDK 8 version running on vCenter 7.x and vCenter 8.x as vulnerable to CVE-2023-21930.

Environment

vCenter 7.0 versions prior to 7.0 U3q
vCenter 8.0 versions prior to 8.0 U2b

Cause

CVE-2024-20918
CVE-2023-21930

Resolution

Patch to a version of vCenter that has updated OpenJDK. CVE-2023-21930 is resolved in the following vCenter updates:

vCenter 7.0 U3q updated to JRE 8u402
vCenter Server 7.0 Update 3q Release Notes

vCenter 8.0 U2b updated to JRE 8u392
vCenter Server 8.0 Update 2b Release Notes
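A version-level triage check for the resolution above, added here as an example and not part of the article: it reads the update number out of `java -version` output (the sample output below is constructed) and compares it with the JRE level the fixed vCenter release ships, which is the same comparison a version-based scanner makes. Which java binary the appliance actually runs is not stated on this page and is not assumed.

```python
import re

# Minimum OpenJDK 8 update level shipped by the vCenter releases that
# resolve CVE-2023-21930, per the Resolution section of this article.
RESOLVED_JRE_UPDATE = {
    "7.0": 402,  # vCenter 7.0 U3q ships JRE 8u402
    "8.0": 392,  # vCenter 8.0 U2b ships JRE 8u392
}

# OpenJDK 8 reports its version as "1.8.0_<update>"; capture <update>.
_JAVA8_VERSION_RE = re.compile(r'version "1\.8\.0_(\d+)')


def parse_java8_update(java_version_output: str):
    """Return the 8uNNN update number from `java -version` output,
    or None if the output is not from a Java 8 runtime."""
    match = _JAVA8_VERSION_RE.search(java_version_output)
    return int(match.group(1)) if match else None


def jre_meets_resolved_level(vcenter_line: str, java_version_output: str) -> bool:
    """True if the reported OpenJDK 8 update is at or above the level
    shipped by the fixed release for this vCenter line (7.0 or 8.0).
    Raises ValueError when the line is unknown or the output is not Java 8,
    so an unparseable result is never silently treated as 'fixed'."""
    if vcenter_line not in RESOLVED_JRE_UPDATE:
        raise ValueError(f"unknown vCenter line: {vcenter_line!r}")
    update = parse_java8_update(java_version_output)
    if update is None:
        raise ValueError("could not find a Java 8 version string in output")
    return update >= RESOLVED_JRE_UPDATE[vcenter_line]


# Constructed sample `java -version` outputs (not captured from a real appliance).
SAMPLE_OLD = (
    'openjdk version "1.8.0_362"\n'
    'OpenJDK Runtime Environment (build 1.8.0_362-b09)\n'
    'OpenJDK 64-Bit Server VM (build 25.362-b09, mixed mode)\n'
)
SAMPLE_8U392 = SAMPLE_OLD.replace("362", "392")
SAMPLE_8U402 = SAMPLE_OLD.replace("362", "402")


if __name__ == "__main__":
    for line, output in (("7.0", SAMPLE_OLD), ("7.0", SAMPLE_8U402), ("8.0", SAMPLE_8U392)):
        status = "at or above fixed level" if jre_meets_resolved_level(line, output) else "below fixed level"
        print(f"vCenter {line}: JRE 8u{parse_java8_update(output)} is {status}")
```

Note that 8u392 satisfies the 8.0 line but not the 7.0 line, because the two fixed releases ship different JRE updates.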

Additional Information

A security scanner may identify log4j-1.2.12rsa-1.jar as a vulnerable version of log4j installed on your vCenter appliance. See this related article: Security scans of the vCenter Appliance erroneously shows log4j-1.2.12rsa-1.jar as vulnerable