VMware response to CVE-2021-44228 and CVE-2021-45046: Apache Log4j Remote Code Execution
search cancel

VMware response to CVE-2021-44228 and CVE-2021-45046: Apache Log4j Remote Code Execution

book

Article ID: 317588

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vCenter Server VMware Desktop Hypervisor VMware Aria Suite VMware NSX VMware vSAN

Issue/Introduction

CVE-2021-44228 and CVE-2021-45046 have been determined to impact multiple VMware products via the Apache Log4j open source component they ship. These vulnerabilities and its impact on VMware products are documented in the following VMware Security Advisory (VMSA), review this document before continuing:

Resolution

Products NOT impacted by CVE-2021-44228 and CVE-2021-45046:

  • VMware vSphere ESXi
  • VMware Cloud Director (VCD)
  • VMware Cloud Director Availability
  • VMware NSX Advanced Load Balancer (Avi)   
  • VMware Workspace ONE Assist
  • VMware RemoteHelp
  • VMware vCloud Usage Meter
  • VMware Tanzu Kubernetes Grid
  • SaltStack
  • VMware App Volumes 
  • VMware ThinApp
  • ThinApp SDK
  • Dynamic Environment Manager (DEM) 
  • Workspace ONE Unified Endpoint Management (UEM)
  • VMware Postgres
  • VMware Tanzu RabbitMQ
  • VMware Tanzu RabbitMQ for Kubernetes
  • VMware Tanzu RabbitMQ for VMs
  • VMware Tanzu SQL with Postgres for Kubernetes
  • VMware Tanzu SQL with MySQL for Kubernetes
  • Data Management for VMware Tanzu (DMS)
  • VMware Telco Cloud Automation (TCA)
  • VMware Workstation
  • VMware Fusion
  • VMware Skyline Collector virtual appliance
  • Workspace ONE Intelligence
  • MySQL for TAS (Tanzu Application Service)
  • VMware Workstation Player
  • Cloud Director App Launchpad
  • AirWatch Cloud Connector
  • VMware NSX Lastline Defender On-Premises
  • VMware NSX Lastline Defender Hosted/SaaS
  • Update Manager Download Service (UMDS)
  • Metric Store
  • Event Alerts
  • VMware Workspace ONE Assist for Horizon
  • VMware Tools
  • VMware Tanzu Toolkit for Kubernetes
  • Secure Email Gateway
  • VMware Cloud Director App Launchpad
  • Skyline Health Diagnostics 
  • Carbon Black App Control
  • VMware Tanzu Build Service
  • Workspace ONE Tunnel
  • VMware Email Notification Service 2
  • VMware vRealize Log Insight Cloud Proxy
  • VMware Remote Console (VMRC)
  • VMware Cloud Services Cloud Proxy
  • vRealize AI Cloud Cloud Proxy

Note: Additional products will be published in this article following further review.

Additional Information

Change log:

  • December 13th 2021 - 10:15 PT | Products added: vRealize Log Insight, VMware Skyline Collector virtual appliance, Workspace ONE Intelligence,MySQL for TAS (Tanzu Application Service), VMware Workstation Player, Cloud Director App Launchpad, vROps TenantApp, AirWatch Cloud Connector
  • December 13th 2021 - 10:23 PT | Products added: NSX Lastline Defender
  • December 13th 2021 - 10:45 PT | Products added: Update Manager Download Service
  • December 13th 2021 - 11:42 PT | Products added: Removed vRealize Log Insight
  • December 13th 2021 - 1:57 PT | Products added: VMware NSX Lastline Defender Hosted/SaaS and Edited: VMware NSX Lastline Defender On-Premises
  • December 13th 2021 - 3:17pm PT | Product removed: VMware Tanzu Scheduler
  • December 14th 2021- 5:00 pm IST: Removed few products
  • December 14th 2021 - 5:07 Products added: metrics store, Event Alerts, VMware Workspace ONE Assist for Horizon, VMware Tools, VMware Tanzu Toolkit for Kubernetes, Secure Email Gateway, VMware Cloud Director App Launchpad
  • December 14th 2021 - 9:29AM - PST : Added the product Skyline Health Diagnostics 
  • December 14th 2021 - 10:32AM PST : Added Carbon Black App Control
  • December 15th 2021- 1:32 PM IST: Removed VMware Software-Defined WAN (SD-WAN)
  • December 15th 2021 - 7:29 PM IST: Added VMware Tanzu Build Service, Event alerts, Workspace ONE Tunnel, VMware Email Notification Service 2
  • December 15th 2021 - 6:07am PT: Added: VMware Postgres ,VMware Tanzu SQL with Postgres for Kubernetes, VMware Tanzu SQL with MySQL for Kubernetes, Data Management for VMware Tanzu
  • December 16th 2021 - 12:12pm PT: Edited to include CVE-2021-45046
  • December 17th 2021-11:00 am IST: Removed vROps TenantApp
  • December 17th 2021 4:31PM IST : Added VMware vRealize Log Insight Cloud Proxy, VMware Remote Console (VMRC) 
  • December 17th 2021 2:45pm PT - Renamed VMware Director Availability to VMware Cloud Director Availability
  • January 04th 2021 12:01 IST- Added VMware Cloud Services Cloud Proxy, vRealize AI Cloud Cloud Proxy
Powered by Wolken Software