VMSA-2021-0028 VMware Apache Log4j Remote Code Execution Vulnerability

Virtualization

Merhaba,

VMware , ürün ailesinin nerdeyse tamamını etkileyen remote code execution zafiyeti bildirilmiştir.(12/10/2021)

CCVE-2021-44228 numaralı ve zafiyet riski 10 gibi yüksek skorlu güvenlik açığı için etkilenen VMware ürün ailesi response matriksi aşağıdaki gibidir.

Response Matrix:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Horizon8.x, 7.xAnyCVE-2021-4422810.0Critical Patch PendingKB87073None
VMware vCenter Server7.x, 6.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware HCX4.x, 3.xAnyCVE-2021-4422810.0Critical Patch PendingKB86169None
VMware NSX-T Data Center3.x, 2.xAnyCVE-2021-4422810.0Critical Patch PendingKB87086None
VMware Unified Access Gateway21.x, 20.x, 3.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Workspace ONE Access21.x, 20.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Identity Manager3.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware vRealize Operations8.xAnyCVE-2021-4422810.0Critical Patch PendingKB87076None
VMware vRealize Operations Cloud ProxyAnyAnyCVE-2021-4422810.0Critical Patch PendingKB87080None
VMware vRealize Log Insight8.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware vRealize Automation8.x, 7.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Telco Cloud Automation2.x, 1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Carbon Black Cloud Workload Appliance1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Site Recovery Manager8.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Tanzu GemFire9.x, 8.xAnyCVE-2021-4422810.0Critical Patch PendingArticle Number 13255None
VMware Tanzu Greenplum6.xAnyCVE-2021-4422810.0Critical Patch PendingArticle Number 13256None
VMware Tanzu Operations Manager2.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Tanzu Application Service for VMs2.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Tanzu Kubernetes Grid Integrated Edition1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Tanzu Observability by Wavefront Nozzle3.x, 2.xAnyCVE-2021-4422810.0Critical 3.0.3Workaround PendingNone
Healthwatch for Tanzu Application Service2.x, 1.xAnyCVE-2021-4422810.0Critical 2.1.7, 1.8.6Workaround PendingNone
Spring Cloud Services for VMware Tanzu3.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
Spring Cloud Gateway for VMware Tanzu1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
Spring Cloud Gateway for Kubernetes1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
API Portal for VMware Tanzu1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
Single Sign-On for VMware Tanzu Application Service1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
App Metrics2.xAnyCVE-2021-4422810.0Critical 2.1.1Workaround PendingNone
VMware vCenter Cloud Gateway1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Tanzu SQL with MySQL for VMs1.x, 2.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
vRealize Orchestrator7.x, 8.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
Tablo-1

Bu zafiyet için bazı ürünlerde workaround çözümler belirtilmiş fakat patchler beklenmektedir. VMware kbyi takip edip patchler yayınlandığında bir an önce upgrade edilmesi gerekmektedir.

VMware’in ilgili kbsini takip etmek için tıklayınız.

Bir cevap yazın

E-posta hesabınız yayımlanmayacak.