更新日期:Tue Dec 14 2021 14:52:58 GMT+0800,阅读量:
请访问原文链接:VMware 产品是 Apache Log4j2 远程执行代码漏洞 CVE-2021-44228 的重灾区(修复完毕) 查看最新版。原创作品,转载请保留出处。
作者主页:sysin.org
Apache Log4j2 Remote Code Execution vulnerability CVE-2021-44228
VMware 产品几乎全部沦陷,详见安全公告。
仅有少量产品不受影响(详见 kb)。
响应矩阵
Updated On: 2022-02-14 所有产品修复完毕。
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Horizon | 8.x, 7.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87073 | KB87073 | None |
| VMware vCenter Server | 7.x | Virtual Appliance | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 7.0U3c | KB87081 | None |
| VMware vCenter Server | 6.7.x | Virtual Appliance | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.7 U3q | KB87081 | None |
| VMware vCenter Server | 6.7.x | Windows | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.7 U3q | KB87096 | None |
| VMware vCenter Server | 6.5.x | Virtual Appliance | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.5 U3s | KB87081 | None |
| VMware vCenter Server | 6.5.x | Windows | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.5 U3s | KB87096 | None |
| VMware Cloud Foundation | 4.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 4.4 | KB87095 | None |
| VMware Cloud Foundation | 3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.11 | KB87095 | None |
| VMware HCX | 4.3 | Any | CVE-2021-44228, CVE-2021-45046 | N/A | N/A | Not Affected | N/A | N/A |
| VMware HCX | 4.2.x, 4.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 4.2.4 | KB87104 | None |
| VMware HCX | 4.1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 4.1.0.3 | KB87104 | None |
| VMware NSX-T Data Center | 3.1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.1.3.5 | KB87086 | None |
| VMware NSX-T Data Center | 3.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.0.3.1 | KB87086 | None |
| VMware NSX-T Data Center | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.5.3.4 | KB87086 | None |
| VMware Unified Access Gateway | 21.x, 20.x, 3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2111.1 | KB87092 | None |
| VMware Workspace ONE Access | 21.x, 20.10.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87183 | KB87090 | None |
| VMware Identity Manager | 3.3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.3.6 | KB87093 | None |
| VMware Site Recovery Manager, vSphere Replication | 8.5.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.5.0.2 | KB87098 | None |
| VMware Site Recovery Manager, vSphere Replication | 8.4.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.4.0.4 | KB87098 | None |
| VMware Site Recovery Manager, vSphere Replication | 8.3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.3.1.5 | KB87098 | None |
| VMware vCenter Cloud Gateway | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87081 | KB87081 | None |
| VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.08.0.1, 21.08, 20.10, 19.03.0.1 | Windows | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87184 | KB87091 | None |
| VMware Horizon DaaS | 9.1.x, 9.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87101 | KB87101 | None |
| VMware Horizon Cloud Connector | 1.x, 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.1.2 | None | None |
| VMware NSX Data Center for vSphere | 6.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.4.12 | KB87099 | None |
| VMware AppDefense Appliance | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | N/A | UeX 109180 | None |
| VMware Cloud Director Object Storage Extension | 2.1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.1.0.1 | KB87102 | None |
| VMware Cloud Director Object Storage Extension | 2.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.0.0.3 | KB87102 | None |
| VMware Telco Cloud Operations | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.4.0.1 | KB87143 | None |
| VMware Smart Assurance NCM | 10.1.6.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 10.1.6.1 | KB87113 | None |
| VMware Smart Assurance SAM [Service Assurance Manager] | 10.1.5 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 10.1.5.5 | KB87119 | None |
| VMware Smart Assurance SAM [Service Assurance Manager] | 10.1.2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 10.1.2.16 | KB87119 | None |
| VMware Smart Assurance SAM [Service Assurance Manager] | 10.1.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 10.1.0.16 | KB87119 | None |
| VMware Integrated OpenStack | 7.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 7.2 | KB87118 | None |
| VMware Cloud Provider Lifecycle Manager | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.2.0.1 | KB87142 | None |
| VMware SD-WAN VCO | 4.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87158 | KB87158 | None |
| VMware NSX Intelligence | 1.2.x, 1.1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.2.1.1 | KB87150 | None |
| VMware Horizon Agents Installer | 21.x.x, 20.x.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87157 | KB87157 | None |
| VMware Smart Assurance M&R | 9.6-6.8u5, 10.1.2-7.0u8, 10.1.5-7.2 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 10.1.7-7.3.0.5 | KB87161 | None |
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Carbon Black Cloud Workload Appliance | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.1.2 | UeX 190167 | None |
| VMware Carbon Black EDR Server | 7.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 7.6.1 | UeX 109183 | None |
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware vRealize Automation | 8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.6.2 | KB87120 | None |
| VMware vRealize Automation | 7.6 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB70911 | KB87121 | None |
| VMware vRealize Business for Cloud | 7.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87539 | KB87127 | None |
| VMware vRealize Lifecycle Manager | 8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.6.2 | KB87097 | None |
| VMware vRealize Log Insight | 8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87519 | KB87089 | None |
| VMware vRealize Network Insight | 6.x, 5.3 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.5.1 | KB87135 | None |
| VMware vRealize Operations | 8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87076 | KB87076 | None |
| VMware vRealize Operations Cloud (Cloud Proxy) | Any | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | Q4FY22 Cloud Update | KB87080 | None |
| VMware vRealize Operations Tenant App for VMware Cloud Director | 2.5 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.5.1 | KB87187 | None |
| VMware vRealize Orchestrator | 8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.6.2 | KB87120 | None |
| VMware vRealize Orchestrator | 7.6 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB70629 | KB87122 | None |
| VMware vRealize True Visibility Suite | Any | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87136 | KB87136 | None |
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| App Metrics | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.1.2 | None | None |
| API Portal for VMware Tanzu | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.0.8 | None | None |
| Healthwatch for Tanzu Application Service | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.1.8 | None | None |
| Healthwatch for Tanzu Application Service | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.8.7 | None | None |
| Single Sign-On for VMware Tanzu Application Service | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.14.6 | None | None |
| Spring Cloud Gateway for Kubernetes | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.0.7 | None | None |
| Spring Cloud Gateway for VMware Tanzu | 1.1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.1.4 | None | None |
| Spring Cloud Gateway for VMware Tanzu | 1.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.0.19 | None | None |
| Spring Cloud Services for VMware Tanzu | 3.x | Any | CVE-2021-44228, CVE-2021-45046 | !0.0, 9.0 | critical | 3.1.27 | None | None |
| Spring Cloud Services for VMware Tanzu | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.1.10 | None | None |
| VMware Greenplum Text | 3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.8.1 | Article Number 13256 | None |
| VMware Harbor Container Registry for TKGI | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.4.1 | Article Number 13263 | None |
| VMware Tanzu Application Service for VMs | 2.12.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.12.5 | Article Number 13265 | None |
| VMware Tanzu Application Service for VMs | 2.11.x | Any | CVE-2021-44228, CVE-45046 | 10.0, 9.0 | critical | 2.11.13 | Article Number 13265 | None |
| VMware Tanzu Application Service for VMs | 2.10.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.10.24 | Article Number 13265 | None |
| VMware Tanzu Application Service for VMs | 2.9.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.9.30 | Article Number 13265 | None |
| VMware Tanzu Application Service for VMs | 2.8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.8.30 | Article Number 13265 | None |
| VMware Tanzu Application Service for VMs | 2.7.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.7.44 | Article Number 13265 | None |
| VMware Tanzu GemFire | 9.10.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 9.10.13 | Article Number 13255 | None |
| VMware Tanzu GemFire | 9.9.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 9.9.7 | Article Number 13255 | None |
| VMware Tanzu GemFire for VMs | 1.14.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.14.2 | Article Number 13262 | None |
| VMware Tanzu GemFire for VMs | 1.13.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.13.5 | Article Number 13262 | None |
| VMware Tanzu GemFire for VMs | 1.12.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.12.4 | Article Number 13262 | None |
| VMware Tanzu Greenplum Platform Extension Framework | 6.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.2.1 | Article Number 13256 | None |
| VMware Tanzu Kubernetes Grid Integrated Edition | 1.13.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.13.1 | Article Number 13263 | None |
| VMware Tanzu Kubernetes Grid Integrated Edition | 1.10.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.10.8 | Article Number 13263 | None |
| VMware Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.0.4 | None | None |
| VMware Tanzu Observability Proxy | 10.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 10.12 | Article Number 13272 | None |
| VMware Tanzu Operations Manager | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.10.25 | Article Number 13264 | None |
| VMware Tanzu Scheduler | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.6.1 | Article Number 13280 | None |
文章用于推荐和分享优秀的软件产品及其相关技术,所有软件默认提供官方原版(免费版或试用版),免费分享。对于部分产品笔者加入了自己的理解和分析,方便学习和研究使用。任何内容若侵犯了您的版权,请联系作者删除。如果您喜欢这篇文章或者觉得它对您有所帮助,或者发现有不当之处,欢迎您发表评论,也欢迎您分享这个网站,或者赞赏一下作者,谢谢!
赞
支付宝赞赏
微信赞赏
支付宝赞赏
微信赞赏
赞赏一下
☑️ 评论恢复,欢迎留言❗️敬请注册!点击 “登录” - “用户注册”(已知不支持 21.cn/189.cn 邮箱)。请勿使用联合登录(已关闭)。