Log4j Yayılmaya Devam Ediyor Şimdi de VMware

Mehmet Sait YILMAZ 11/12/2021

0 1 dakika okuma süresi

Log4j zafiyeti yavaş yavaş etkilerini göstermeye başladı. Log4j kütüphanelerini kullanan üreticiler ürünleri için güncelleme yayınlamaya devam ediyor. Bunlardan biriside VMware oldu.

VMware yaptığı açıklamada etklienen ürünleri şöyle listeledi:

VMware Horizon
VMware vCenter Server
VMware HCX
VMware NSX-T Data Center
VMware Unified Access Gateway
VMware WorkspaceOne Access
VMware Identity Manager
VMware vRealize Operations
VMware vRealize Operations Cloud Proxy
VMware vRealize Log Insight
VMware vRealize Automation
VMware Telco Cloud Automation
VMware Site Recovery Manager
VMware Carbon Black Cloud Workload Appliance
VMware Tanzu GemFire
VMware Tanzu Greenplum
VMware Tanzu Operations Manager
VMware Tanzu Application Service for VMs
VMware Tanzu Kubernetes Grid Integrated Edition
VMware Tanzu Observability by Wavefront Nozzle
Healthwatch for Tanzu Application Service
Spring Cloud Services for VMware Tanzu
Spring Cloud Gateway for VMware Tanzu
Spring Cloud Gateway for Kubernetes
API Portal for VMware Tanzu
Single Sign-On for VMware Tanzu Application Service

Response Matrix:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Horizon	8.x, 7.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87073	None
VMware vCenter Server	7.x, 6.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware HCX	4.x, 3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB86169	None
VMware NSX-T Data Center	3.x, 2.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87086	None
VMware Unified Access Gateway	21.x, 20.x, 3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Workspace ONE Access	21.x, 20.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Identity Manager	3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware vRealize Operations	8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87076	None
VMware vRealize Operations Cloud Proxy	Any	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87080	None
VMware vRealize Log Insight	8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware vRealize Automation	8.x, 7.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Telco Cloud Automation	2.x, 1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Carbon Black Cloud Workload Appliance	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Site Recovery Manager	8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Tanzu GemFire	9.x, 8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Article Number 13255	None
VMware Tanzu Greenplum	6.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Article Number 13256	None
VMware Tanzu Operations Manager	2.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Tanzu Application Service for VMs	2.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Tanzu Kubernetes Grid Integrated Edition	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware Tanzu Observability by Wavefront Nozzle	3.x, 2.x	Any	CVE-2021-44228	10.0	Critical	3.0.3	Workaround Pending	None
Healthwatch for Tanzu Application Service	2.x, 1.x	Any	CVE-2021-44228	10.0	Critical	2.1.7, 1.8.6	Workaround Pending	None
Spring Cloud Services for VMware Tanzu	3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
Spring Cloud Gateway for VMware Tanzu	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
Spring Cloud Gateway for Kubernetes	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
API Portal for VMware Tanzu	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
Single Sign-On for VMware Tanzu Application Service	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None