VMWare Apache Log4j 영향받는 제품 모음.(vCenter 포함)

기본적으로 많이들 사용하고 계시는 ESXi 하이퍼바이저의경우에는 영향도가없고

혹시 vCenter를 사용하신다면 바로 업데이트하셔야합니다.

image.png.jpg

https://www.vmware.com/security/advisories/VMSA-2021-0028.html 세부CVE-2021-44228은 제공되는 Apache Log4j 오픈 소스 구성 요소를 통해 여러 VMware 제품에 영향을 미치는 것으로 확인되었습니다. 이 취약점과 VMware 제품에 미치는 영향은 다음 VMSA(VMware 보안 권고)에 문서화되어 있습니다. 계속하기 전에 이 문서를 검토하십시오.

  • CVE-2021-44228 –

Response Matrix:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Horizon8.x, 7.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87073None
VMware vCenter Server7.x, 6.7.x, 6.5.xVirtual ApplianceCVE-2021-4422810.0CriticalPatch PendingKB87081None
VMware vCenter Server6.7.x, 6.5.xWindowsCVE-2021-4422810.0CriticalPatch PendingKB87096None
VMware HCX4.2.x, 4.0.xAnyCVE-2021-4422810.0Critical4.2.3Workaround PendingKB87104
VMware HCX4.1.xAnyCVE-2021-4422810.0Critical4.1.0.2Workaround PendingKB87104
VMware NSX-T Data Center3.x, 2.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87086None
VMware Unified Access Gateway21.x, 20.x, 3.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87092None
VMware Workspace ONE Access21.x, 20.10.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87090None
VMware Identity Manager3.3.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87093None
VMware vRealize Operations8.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87076None
VMware vRealize Operations Cloud ProxyAnyAnyCVE-2021-4422810.0CriticalPatch PendingKB87080None
VMware vRealize Automation8.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87120None
VMware vRealize Automation7.6AnyCVE-2021-4422810.0CriticalPatch PendingKB87121None
VMware vRealize Lifecycle Manager8.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87097None
VMware Carbon Black Cloud Workload Appliance1.xAnyCVE-2021-4422810.0CriticalPatch PendingUeX 109167None
VMware Carbon Black EDR Server7.x, 6.xAnyCVE-2021-4422810.0Critical7.6.0UeX 109168None
VMware Site Recovery Manager, vSphere Replication8.3, 8.4, 8.5AnyCVE-2021-4422810.0CriticalPatch PendingKB87098None
VMware Tanzu GemFire1.14.x, 1.13.x, 1.10.xAnyCVE-2021-4422810.0Critical1.14.1, 1.13.4Article Number 13262None
VMware Tanzu Greenplum6.xAnyCVE-2021-4422810.0CriticalPatch PendingArticle Number 13256None
VMware Tanzu Operations Manager2.xAnyCVE-2021-4422810.0Critical2.10.23Article Number 13264None
VMware Tanzu Application Service for VMs2.xAnyCVE-2021-4422810.0Critical2.7.42, 2.10.22, 2.11.10, 2.12.3Article Number 13265None
VMware Tanzu Kubernetes Grid Integrated Edition1.xAnyCVE-2021-4422810.0CriticalPatch PendingArticle Number 13263None
VMware Tanzu Observability by Wavefront Nozzle3.x, 2.xAnyCVE-2021-4422810.0Critical3.0.3NoneNone
Healthwatch for Tanzu Application Service2.xAnyCVE-2021-4422810.0Critical2.1.7NoneNone
Healthwatch for Tanzu Application Service1.xAnyCVE-2021-4422810.0Critical1.8.6NoneNone
Spring Cloud Services for VMware Tanzu3.xAnyCVE-2021-4422810.0Critical3.1.26NoneNone
Spring Cloud Gateway for VMware Tanzu1.xAnyCVE-2021-4422810.0Critical1.1.3Workaround PendingNone
Spring Cloud Gateway for Kubernetes1.xAnyCVE-2021-4422810.0CriticalPatch PendingWorkaround PendingNone
API Portal for VMware Tanzu1.xAnyCVE-2021-4422810.0Critical1.0.7Workaround PendingNone
Single Sign-On for VMware Tanzu Application Service1.xAnyCVE-2021-4422810.0Critical1.14.5Workaround PendingNone
App Metrics2.xAnyCVE-2021-4422810.0Critical2.1.1NoneNone
VMware vCenter Cloud Gateway1.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87081None
VMware vRealize Orchestrator8.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87120None
VMware vRealize Orchestrator7.6AnyCVE-2021-4422810.0CriticalPatch PendingKB87122None
VMware Cloud Foundation4.x, 3.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87095None
VMware Workspace ONE Access Connector (VMware Identity Manager Connector)21.x, 20.10.x, 19.03.0.1AnyCVE-2021-4422810.0CriticalPatch PendingKB87091None
VMware Horizon DaaS9.1.x, 9.0.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87101None
VMware Horizon Cloud Connector1.x, 2.xAnyCVE-2021-4422810.0Critical2.1.1NoneNone
VMware NSX Data Center for vSphere6.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87099None
VMware AppDefense Appliance2.xAnyCVE-2021-4422810.0CriticalPatch PendingUeX 109180None
VMware Cloud Director Object Storage Extension2.1.xAnyCVE-2021-4422810.0Critical2.1.0.1Workaround PendingNone
VMware Cloud Director Object Storage Extension2.0.xAnyCVE-2021-4422810.0Critical2.0.0.3Workaround PendingNone
VMware Telco Cloud Operations1.xAnyCVE-2021-4422810.0CriticalPatch PendingWorkaround PendingNone
VMware vRealize Log Insight8.2, 8.3, 8.4, 8.6AnyCVE-2021-4422810.0CriticalPatch PendingKB87089None
VMware Tanzu Scheduler1.xAnyCVE-2021-4422810.0CriticalPatch PendingArticle Number 13280None
VMware Smart Assurance NCM10.1.6AnyCVE-2021-4422810.0CriticalPatch PendingKB87113None
VMware Smart Assurance SAM [Service Assurance Manager]10.1.2, 10.1.5AnyCVE-2021-4422810.0CriticalPatch PendingKB87119None
VMware Integrated OpenStack7.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87118None
VMware vRealize Business for Cloud7.xAnyCVE-2021-4422810.0CriticalPatch PendingKB87127None

[Reference] : 달소, 「서버포럼 – VMWare Apache Log4j 영향받는 제품 모음.(vCenter 포함)」 https://svrforum.com/?document_srl=122450&mid=itnews&act=dispBoardContent.

 

————————————————–

사이트 리뉴얼중입니다~

서버(Linux, ESXi), NAS(헤놀로지, ESXi 및 IT관련 정보, 기타 등등을 공유하는 커뮤니티 SVRFORUM을 새로 만들었습니다.
많은 가입(?) 부탁드립니다~
https://svrforum.com

이전글들은 모두 상단 메뉴의 Blog 글 모음에있습니다!

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다

홈서버 IT 커뮤니티 SVRFORUM
Link