VMSA-2021-0028 VMware Apache Log4j Remote Code Execution Vulnerability

Merhaba,

VMware , ürün ailesinin nerdeyse tamamını etkileyen remote code execution zafiyeti bildirilmiştir.(12/10/2021)

CCVE-2021-44228 numaralı ve zafiyet riski 10 gibi yüksek skorlu güvenlik açığı için etkilenen VMware ürün ailesi response matriksi aşağıdaki gibidir.

Response Matrix:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Horizon	8.x, 7.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87073	None
VMware vCenter Server	7.x, 6.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware HCX	4.x, 3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB86169	None
VMware NSX-T Data Center	3.x, 2.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87086	None
VMware Unified Access Gateway	21.x, 20.x, 3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Workspace ONE Access	21.x, 20.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Identity Manager	3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware vRealize Operations	8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87076	None
VMware vRealize Operations Cloud Proxy	Any	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87080	None
VMware vRealize Log Insight	8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware vRealize Automation	8.x, 7.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Telco Cloud Automation	2.x, 1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Carbon Black Cloud Workload Appliance	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Site Recovery Manager	8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Tanzu GemFire	9.x, 8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Article Number 13255	None
VMware Tanzu Greenplum	6.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Article Number 13256	None
VMware Tanzu Operations Manager	2.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Tanzu Application Service for VMs	2.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Tanzu Kubernetes Grid Integrated Edition	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Tanzu Observability by Wavefront Nozzle	3.x, 2.x	Any	CVE-2021-44228	10.0	Critical	3.0.3	Workaround Pending	None
Healthwatch for Tanzu Application Service	2.x, 1.x	Any	CVE-2021-44228	10.0	Critical	2.1.7, 1.8.6	Workaround Pending	None
Spring Cloud Services for VMware Tanzu	3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
Spring Cloud Gateway for VMware Tanzu	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
Spring Cloud Gateway for Kubernetes	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
API Portal for VMware Tanzu	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
Single Sign-On for VMware Tanzu Application Service	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
App Metrics	2.x	Any	CVE-2021-44228	10.0	Critical	2.1.1	Workaround Pending	None
VMware vCenter Cloud Gateway	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Tanzu SQL with MySQL for VMs	1.x, 2.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
vRealize Orchestrator	7.x, 8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None

Bu zafiyet için bazı ürünlerde workaround çözümler belirtilmiş fakat patchler beklenmektedir. VMware kbyi takip edip patchler yayınlandığında bir an önce upgrade edilmesi gerekmektedir.

VMware’in ilgili kbsini takip etmek için tıklayınız.