Haberler

Log4j Yayılmaya Devam Ediyor Şimdi de VMware

Log4j zafiyeti yavaş yavaş etkilerini göstermeye başladı. Log4j kütüphanelerini kullanan üreticiler ürünleri için güncelleme yayınlamaya devam ediyor. Bunlardan biriside VMware oldu.

VMware yaptığı açıklamada etklienen ürünleri şöyle listeledi:

  • VMware Horizon
  • VMware vCenter Server
  • VMware HCX
  • VMware NSX-T Data Center
  • VMware Unified Access Gateway
  • VMware WorkspaceOne Access
  • VMware Identity Manager 
  • VMware vRealize Operations
  • VMware vRealize Operations Cloud Proxy
  • VMware vRealize Log Insight
  • VMware vRealize Automation
  • VMware Telco Cloud Automation
  • VMware Site Recovery Manager
  • VMware Carbon Black Cloud Workload Appliance
  • VMware Tanzu GemFire
  • VMware Tanzu Greenplum
  • VMware Tanzu Operations Manager
  • VMware Tanzu Application Service for VMs
  • VMware Tanzu Kubernetes Grid Integrated Edition
  • VMware Tanzu Observability by Wavefront Nozzle
  • Healthwatch for Tanzu Application Service
  • Spring Cloud Services for VMware Tanzu
  • Spring Cloud Gateway for VMware Tanzu
  • Spring Cloud Gateway for Kubernetes
  • API Portal for VMware Tanzu
  • Single Sign-On for VMware Tanzu Application Service

Response Matrix:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Horizon8.x, 7.xAnyCVE-2021-4422810.0Critical Patch PendingKB87073None
VMware vCenter Server7.x, 6.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware HCX4.x, 3.xAnyCVE-2021-4422810.0Critical Patch PendingKB86169None
VMware NSX-T Data Center3.x, 2.xAnyCVE-2021-4422810.0Critical Patch PendingKB87086None
VMware Unified Access Gateway21.x, 20.x, 3.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Workspace ONE Access21.x, 20.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Identity Manager3.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware vRealize Operations8.xAnyCVE-2021-4422810.0Critical Patch PendingKB87076None
VMware vRealize Operations Cloud ProxyAnyAnyCVE-2021-4422810.0Critical Patch PendingKB87080None
VMware vRealize Log Insight8.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware vRealize Automation8.x, 7.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Telco Cloud Automation2.x, 1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Carbon Black Cloud Workload Appliance1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Site Recovery Manager8.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Tanzu GemFire9.x, 8.xAnyCVE-2021-4422810.0Critical Patch PendingArticle Number 13255None
VMware Tanzu Greenplum6.xAnyCVE-2021-4422810.0Critical Patch PendingArticle Number 13256None
VMware Tanzu Operations Manager2.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Tanzu Application Service for VMs2.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Tanzu Kubernetes Grid Integrated Edition1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
VMware Tanzu Observability by Wavefront Nozzle3.x, 2.xAnyCVE-2021-4422810.0Critical 3.0.3Workaround PendingNone
Healthwatch for Tanzu Application Service2.x, 1.xAnyCVE-2021-4422810.0Critical 2.1.7, 1.8.6Workaround PendingNone
Spring Cloud Services for VMware Tanzu3.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
Spring Cloud Gateway for VMware Tanzu1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
Spring Cloud Gateway for Kubernetes1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
API Portal for VMware Tanzu1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone
Single Sign-On for VMware Tanzu Application Service1.xAnyCVE-2021-4422810.0Critical Patch PendingWorkaround PendingNone

Kaynak: https://www.vmware.com/security/advisories/VMSA-2021-0028.html

İlgili Makaleler

Bir cevap yazın

E-posta hesabınız yayımlanmayacak.

Başa dön tuşu

Reklam Engelleyici Algılandı

ÇözümPark Bilişim Portalı gönüllü bir organizasyon olup tek gelir kaynağı reklamlardır. Bu nedenle siteyi gezerken lütfen reklam engelleme eklentinizi kapatın veya Çözümpark web sitesi için izin tanımı yapın. Anlayışınız için teşekkürler.