VMware 产品是 Apache Log4j2 远程执行代码漏洞 CVE-2021-44228 的重灾区(修复完毕)

Apache Log4j2 Remote Code Execution vulnerability

Posted by sysin on 2021-12-14
Estimated Reading Time 13 Minutes
Words 2.2k In Total
更新日期:2021-12-14 14:52:58,阅读量:

请访问原文链接:VMware 产品是 Apache Log4j2 远程执行代码漏洞 CVE-2021-44228 的重灾区(修复完毕) 查看最新版。原创作品,转载请保留出处。

作者主页:sysin.org


Apache Log4j2 Remote Code Execution vulnerability CVE-2021-44228

VMware 产品几乎全部沦陷,详见安全公告

仅有少量产品不受影响(详见 kb)。

响应矩阵

Updated On: 2022-02-14 所有产品修复完毕。

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Horizon8.x, 7.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87073KB87073None
VMware vCenter Server7.xVirtual ApplianceCVE-2021-44228, CVE-2021-4504610.0, 9.0critical7.0U3cKB87081None
VMware vCenter Server6.7.xVirtual ApplianceCVE-2021-44228, CVE-2021-4504610.0, 9.0critical6.7 U3qKB87081None
VMware vCenter Server6.7.xWindowsCVE-2021-44228, CVE-2021-4504610.0, 9.0critical6.7 U3qKB87096None
VMware vCenter Server6.5.xVirtual ApplianceCVE-2021-44228, CVE-2021-4504610.0, 9.0critical6.5 U3sKB87081None
VMware vCenter Server6.5.xWindowsCVE-2021-44228, CVE-2021-4504610.0, 9.0critical6.5 U3sKB87096None
VMware Cloud Foundation4.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical4.4KB87095None
VMware Cloud Foundation3.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical3.11KB87095None
VMware HCX4.3AnyCVE-2021-44228, CVE-2021-45046N/AN/ANot AffectedN/AN/A
VMware HCX4.2.x, 4.0.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical4.2.4KB87104None
VMware HCX4.1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical4.1.0.3KB87104None
VMware NSX-T Data Center3.1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical3.1.3.5KB87086None
VMware NSX-T Data Center3.0.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical3.0.3.1KB87086None
VMware NSX-T Data Center2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.5.3.4KB87086None
VMware Unified Access Gateway21.x, 20.x, 3.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2111.1KB87092None
VMware Workspace ONE Access21.x, 20.10.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87183KB87090None
VMware Identity Manager3.3.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical3.3.6KB87093None
VMware Site Recovery Manager, vSphere Replication8.5.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical8.5.0.2KB87098None
VMware Site Recovery Manager, vSphere Replication8.4.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical8.4.0.4KB87098None
VMware Site Recovery Manager, vSphere Replication8.3.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical8.3.1.5KB87098None
VMware vCenter Cloud Gateway1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87081KB87081None
VMware Workspace ONE Access Connector (VMware Identity Manager Connector)21.08.0.1, 21.08, 20.10, 19.03.0.1WindowsCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87184KB87091None
VMware Horizon DaaS9.1.x, 9.0.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87101KB87101None
VMware Horizon Cloud Connector1.x, 2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.1.2NoneNone
VMware NSX Data Center for vSphere6.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical6.4.12KB87099None
VMware AppDefense Appliance2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalN/AUeX 109180None
VMware Cloud Director Object Storage Extension2.1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.1.0.1KB87102None
VMware Cloud Director Object Storage Extension2.0.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.0.0.3KB87102None
VMware Telco Cloud Operations1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.4.0.1KB87143None
VMware Smart Assurance NCM10.1.6.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical10.1.6.1KB87113None
VMware Smart Assurance SAM [Service Assurance Manager]10.1.5AnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical10.1.5.5KB87119None
VMware Smart Assurance SAM [Service Assurance Manager]10.1.2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical10.1.2.16KB87119None
VMware Smart Assurance SAM [Service Assurance Manager]10.1.0.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical10.1.0.16KB87119None
VMware Integrated OpenStack7.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical7.2KB87118None
VMware Cloud Provider Lifecycle Manager1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.2.0.1KB87142None
VMware SD-WAN VCO4.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87158KB87158None
VMware NSX Intelligence1.2.x, 1.1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.2.1.1KB87150None
VMware Horizon Agents Installer21.x.x, 20.x.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87157KB87157None
VMware Smart Assurance M&R9.6-6.8u5, 10.1.2-7.0u8, 10.1.5-7.2AnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical10.1.7-7.3.0.5KB87161None
ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Carbon Black Cloud Workload Appliance1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.1.2UeX 190167None
VMware Carbon Black EDR Server7.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical7.6.1UeX 109183None
ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware vRealize Automation8.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical8.6.2KB87120None
VMware vRealize Automation7.6AnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB70911KB87121None
VMware vRealize Business for Cloud7.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87539KB87127None
VMware vRealize Lifecycle Manager8.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical8.6.2KB87097None
VMware vRealize Log Insight8.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87519KB87089None
VMware vRealize Network Insight6.x, 5.3AnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical6.5.1KB87135None
VMware vRealize Operations8.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87076KB87076None
VMware vRealize Operations Cloud (Cloud Proxy)AnyAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalQ4FY22 Cloud UpdateKB87080None
VMware vRealize Operations Tenant App for VMware Cloud Director2.5AnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.5.1KB87187None
VMware vRealize Orchestrator8.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical8.6.2KB87120None
VMware vRealize Orchestrator7.6AnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB70629KB87122None
VMware vRealize True Visibility SuiteAnyAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0criticalKB87136KB87136None
ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
App Metrics2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.1.2NoneNone
API Portal for VMware Tanzu1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.0.8NoneNone
Healthwatch for Tanzu Application Service2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.1.8NoneNone
Healthwatch for Tanzu Application Service1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.8.7NoneNone
Single Sign-On for VMware Tanzu Application Service1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.14.6NoneNone
Spring Cloud Gateway for Kubernetes1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.0.7NoneNone
Spring Cloud Gateway for VMware Tanzu1.1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.1.4NoneNone
Spring Cloud Gateway for VMware Tanzu1.0.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.0.19NoneNone
Spring Cloud Services for VMware Tanzu3.xAnyCVE-2021-44228, CVE-2021-45046!0.0, 9.0critical3.1.27NoneNone
Spring Cloud Services for VMware Tanzu2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.1.10NoneNone
VMware Greenplum Text3.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical3.8.1Article Number 13256None
VMware Harbor Container Registry for TKGI2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.4.1Article Number 13263None
VMware Tanzu Application Service for VMs2.12.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.12.5Article Number 13265None
VMware Tanzu Application Service for VMs2.11.xAnyCVE-2021-44228, CVE-4504610.0, 9.0critical2.11.13Article Number 13265None
VMware Tanzu Application Service for VMs2.10.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.10.24Article Number 13265None
VMware Tanzu Application Service for VMs2.9.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.9.30Article Number 13265None
VMware Tanzu Application Service for VMs2.8.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.8.30Article Number 13265None
VMware Tanzu Application Service for VMs2.7.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.7.44Article Number 13265None
VMware Tanzu GemFire9.10.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical9.10.13Article Number 13255None
VMware Tanzu GemFire9.9.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical9.9.7Article Number 13255None
VMware Tanzu GemFire for VMs1.14.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.14.2Article Number 13262None
VMware Tanzu GemFire for VMs1.13.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.13.5Article Number 13262None
VMware Tanzu GemFire for VMs1.12.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.12.4Article Number 13262None
VMware Tanzu Greenplum Platform Extension Framework6.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical6.2.1Article Number 13256None
VMware Tanzu Kubernetes Grid Integrated Edition1.13.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.13.1Article Number 13263None
VMware Tanzu Kubernetes Grid Integrated Edition1.10.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.10.8Article Number 13263None
VMware Tanzu Observability by Wavefront Nozzle3.x, 2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical3.0.4NoneNone
VMware Tanzu Observability Proxy10.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical10.12Article Number 13272None
VMware Tanzu Operations Manager2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical2.10.25Article Number 13264None
VMware Tanzu Scheduler1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 9.0critical1.6.1Article Number 13280None

捐助本站 ❤️ Donate

点击访问官方网站


文章用于推荐和分享优秀的软件产品及其相关技术,所有软件默认提供官方原版(免费版或试用版),免费分享。对于部分产品笔者加入了自己的理解和分析,方便学习和研究使用。任何内容若侵犯了您的版权,请联系作者删除。如果您喜欢这篇文章或者觉得它对您有所帮助,或者发现有不当之处,欢迎您发表评论,也欢迎您分享这个网站,或者赞赏一下作者,谢谢!

支付宝赞赏 微信赞赏

赞赏一下


☑️ 尊敬的读者,欢迎留言❗️
敬请注册!点击 “登录” - “用户注册”(已知不支持 21.cn/189.cn 邮箱)。 请勿使用联合登录(已关闭)