CVE-2021-44228 has been determined to impact VMware Cloud Director Object Storage Extension via the Apache Log4j open source component it ships. This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA), please review this document before continuing:
Object Storage Extension service itself is not impacted by this vulnerability directly, but it has an internal component depending on log4j.
The work arounds described in this document are applicable to the following versions:
VMware Cloud Director Object Storage Extension 1.X
VMware Cloud Director Object Storage Extension 2.X