VMWare Apache Log4j 영향받는 제품 모음.(vCenter 포함)

기본적으로 많이들 사용하고 계시는 ESXi 하이퍼바이저의경우에는 영향도가없고

혹시 vCenter를 사용하신다면 바로 업데이트하셔야합니다.

https://www.vmware.com/security/advisories/VMSA-2021-0028.html 세부CVE-2021-44228은 제공되는 Apache Log4j 오픈 소스 구성 요소를 통해 여러 VMware 제품에 영향을 미치는 것으로 확인되었습니다. 이 취약점과 VMware 제품에 미치는 영향은 다음 VMSA(VMware 보안 권고)에 문서화되어 있습니다. 계속하기 전에 이 문서를 검토하십시오.

CVE-2021-44228 –

Response Matrix:

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Horizon	8.x, 7.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87073	None
VMware vCenter Server	7.x, 6.7.x, 6.5.x	Virtual Appliance	CVE-2021-44228	10.0	Critical	Patch Pending	KB87081	None
VMware vCenter Server	6.7.x, 6.5.x	Windows	CVE-2021-44228	10.0	Critical	Patch Pending	KB87096	None
VMware HCX	4.2.x, 4.0.x	Any	CVE-2021-44228	10.0	Critical	4.2.3	Workaround Pending	KB87104
VMware HCX	4.1.x	Any	CVE-2021-44228	10.0	Critical	4.1.0.2	Workaround Pending	KB87104
VMware NSX-T Data Center	3.x, 2.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87086	None
VMware Unified Access Gateway	21.x, 20.x, 3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87092	None
VMware Workspace ONE Access	21.x, 20.10.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87090	None
VMware Identity Manager	3.3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87093	None
VMware vRealize Operations	8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87076	None
VMware vRealize Operations Cloud Proxy	Any	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87080	None
VMware vRealize Automation	8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87120	None
VMware vRealize Automation	7.6	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87121	None
VMware vRealize Lifecycle Manager	8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87097	None
VMware Carbon Black Cloud Workload Appliance	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	UeX 109167	None
VMware Carbon Black EDR Server	7.x, 6.x	Any	CVE-2021-44228	10.0	Critical	7.6.0	UeX 109168	None
VMware Site Recovery Manager, vSphere Replication	8.3, 8.4, 8.5	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87098	None
VMware Tanzu GemFire	1.14.x, 1.13.x, 1.10.x	Any	CVE-2021-44228	10.0	Critical	1.14.1, 1.13.4	Article Number 13262	None
VMware Tanzu Greenplum	6.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Article Number 13256	None
VMware Tanzu Operations Manager	2.x	Any	CVE-2021-44228	10.0	Critical	2.10.23	Article Number 13264	None
VMware Tanzu Application Service for VMs	2.x	Any	CVE-2021-44228	10.0	Critical	2.7.42, 2.10.22, 2.11.10, 2.12.3	Article Number 13265	None
VMware Tanzu Kubernetes Grid Integrated Edition	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Article Number 13263	None
VMware Tanzu Observability by Wavefront Nozzle	3.x, 2.x	Any	CVE-2021-44228	10.0	Critical	3.0.3	None	None
Healthwatch for Tanzu Application Service	2.x	Any	CVE-2021-44228	10.0	Critical	2.1.7	None	None
Healthwatch for Tanzu Application Service	1.x	Any	CVE-2021-44228	10.0	Critical	1.8.6	None	None
Spring Cloud Services for VMware Tanzu	3.x	Any	CVE-2021-44228	10.0	Critical	3.1.26	None	None
Spring Cloud Gateway for VMware Tanzu	1.x	Any	CVE-2021-44228	10.0	Critical	1.1.3	Workaround Pending	None
Spring Cloud Gateway for Kubernetes	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
API Portal for VMware Tanzu	1.x	Any	CVE-2021-44228	10.0	Critical	1.0.7	Workaround Pending	None
Single Sign-On for VMware Tanzu Application Service	1.x	Any	CVE-2021-44228	10.0	Critical	1.14.5	Workaround Pending	None
App Metrics	2.x	Any	CVE-2021-44228	10.0	Critical	2.1.1	None	None
VMware vCenter Cloud Gateway	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87081	None
VMware vRealize Orchestrator	8.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87120	None
VMware vRealize Orchestrator	7.6	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87122	None
VMware Cloud Foundation	4.x, 3.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87095	None
VMware Workspace ONE Access Connector (VMware Identity Manager Connector)	21.x, 20.10.x, 19.03.0.1	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87091	None
VMware Horizon DaaS	9.1.x, 9.0.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87101	None
VMware Horizon Cloud Connector	1.x, 2.x	Any	CVE-2021-44228	10.0	Critical	2.1.1	None	None
VMware NSX Data Center for vSphere	6.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87099	None
VMware AppDefense Appliance	2.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	UeX 109180	None
VMware Cloud Director Object Storage Extension	2.1.x	Any	CVE-2021-44228	10.0	Critical	2.1.0.1	Workaround Pending	None
VMware Cloud Director Object Storage Extension	2.0.x	Any	CVE-2021-44228	10.0	Critical	2.0.0.3	Workaround Pending	None
VMware Telco Cloud Operations	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Workaround Pending	None
VMware vRealize Log Insight	8.2, 8.3, 8.4, 8.6	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87089	None
VMware Tanzu Scheduler	1.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	Article Number 13280	None
VMware Smart Assurance NCM	10.1.6	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87113	None
VMware Smart Assurance SAM [Service Assurance Manager]	10.1.2, 10.1.5	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87119	None
VMware Integrated OpenStack	7.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87118	None
VMware vRealize Business for Cloud	7.x	Any	CVE-2021-44228	10.0	Critical	Patch Pending	KB87127	None

[Reference] : 달소, 「서버포럼 – VMWare Apache Log4j 영향받는 제품 모음.(vCenter 포함)」 https://svrforum.com/?document_srl=122450&mid=itnews&act=dispBoardContent.

달소씨의 하루

답글 남기기 응답 취소