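The ESXi hypervisor, which many of you are running, is not affected by default,
but if you use vCenter, you need to update right away.
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Details: CVE-2021-44228 has been determined to impact multiple VMware products through the Apache Log4j open source component they ship. This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA). Please review that document before continuing.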
- CVE-2021-44228 –
Response Matrix:
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware Horizon | 8.x, 7.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87073 | None |
VMware vCenter Server | 7.x, 6.7.x, 6.5.x | Virtual Appliance | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87081 | None |
VMware vCenter Server | 6.7.x, 6.5.x | Windows | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87096 | None |
VMware HCX | 4.2.x, 4.0.x | Any | CVE-2021-44228 | 10.0 | Critical | 4.2.3 | Workaround Pending | KB87104 |
VMware HCX | 4.1.x | Any | CVE-2021-44228 | 10.0 | Critical | 4.1.0.2 | Workaround Pending | KB87104 |
VMware NSX-T Data Center | 3.x, 2.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87086 | None |
VMware Unified Access Gateway | 21.x, 20.x, 3.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87092 | None |
VMware Workspace ONE Access | 21.x, 20.10.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87090 | None |
VMware Identity Manager | 3.3.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87093 | None |
VMware vRealize Operations | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87076 | None |
VMware vRealize Operations Cloud Proxy | Any | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87080 | None |
VMware vRealize Automation | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87120 | None |
VMware vRealize Automation | 7.6 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87121 | None |
VMware vRealize Lifecycle Manager | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87097 | None |
VMware Carbon Black Cloud Workload Appliance | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | UeX 109167 | None |
VMware Carbon Black EDR Server | 7.x, 6.x | Any | CVE-2021-44228 | 10.0 | Critical | 7.6.0 | UeX 109168 | None |
VMware Site Recovery Manager, vSphere Replication | 8.3, 8.4, 8.5 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87098 | None |
VMware Tanzu GemFire | 1.14.x, 1.13.x, 1.10.x | Any | CVE-2021-44228 | 10.0 | Critical | 1.14.1, 1.13.4 | Article Number 13262 | None |
VMware Tanzu Greenplum | 6.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Article Number 13256 | None |
VMware Tanzu Operations Manager | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.10.23 | Article Number 13264 | None |
VMware Tanzu Application Service for VMs | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.7.42, 2.10.22, 2.11.10, 2.12.3 | Article Number 13265 | None |
VMware Tanzu Kubernetes Grid Integrated Edition | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Article Number 13263 | None |
VMware Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 3.0.3 | None | None |
Healthwatch for Tanzu Application Service | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.1.7 | None | None |
Healthwatch for Tanzu Application Service | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | 1.8.6 | None | None |
Spring Cloud Services for VMware Tanzu | 3.x | Any | CVE-2021-44228 | 10.0 | Critical | 3.1.26 | None | None |
Spring Cloud Gateway for VMware Tanzu | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | 1.1.3 | Workaround Pending | None |
Spring Cloud Gateway for Kubernetes | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
API Portal for VMware Tanzu | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | 1.0.7 | Workaround Pending | None |
Single Sign-On for VMware Tanzu Application Service | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | 1.14.5 | Workaround Pending | None |
App Metrics | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.1.1 | None | None |
VMware vCenter Cloud Gateway | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87081 | None |
VMware vRealize Orchestrator | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87120 | None |
VMware vRealize Orchestrator | 7.6 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87122 | None |
VMware Cloud Foundation | 4.x, 3.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87095 | None |
VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87091 | None |
VMware Horizon DaaS | 9.1.x, 9.0.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87101 | None |
VMware Horizon Cloud Connector | 1.x, 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.1.1 | None | None |
VMware NSX Data Center for vSphere | 6.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87099 | None |
VMware AppDefense Appliance | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | UeX 109180 | None |
VMware Cloud Director Object Storage Extension | 2.1.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.1.0.1 | Workaround Pending | None |
VMware Cloud Director Object Storage Extension | 2.0.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.0.0.3 | Workaround Pending | None |
VMware Telco Cloud Operations | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
VMware vRealize Log Insight | 8.2, 8.3, 8.4, 8.6 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87089 | None |
VMware Tanzu Scheduler | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Article Number 13280 | None |
VMware Smart Assurance NCM | 10.1.6 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87113 | None |
VMware Smart Assurance SAM [Service Assurance Manager] | 10.1.2, 10.1.5 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87119 | None |
VMware Integrated OpenStack | 7.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87118 | None |
VMware vRealize Business for Cloud | 7.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87127 | None |
[Reference]: 달소, "Server Forum – Collection of VMware Products Affected by Apache Log4j (Including vCenter)", https://svrforum.com/?document_srl=122450&mid=itnews&act=dispBoardContent.