VMWare Apache Log4j 영향받는 제품 모음.(vCenter 포함)
출처 | https://www.vmware.com/security/advisories/VMSA-2021-0028.html |
---|
기본적으로 많이들 사용하고 계시는 ESXi 하이퍼바이저의경우에는 영향도가없고
혹시 vCenter를 사용하신다면 바로 업데이트하셔야합니다.
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
- CVE-2021-44228 –
Response Matrix:
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware Horizon |
8.x, 7.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware vCenter Server |
7.x, 6.7.x, 6.5.x |
Virtual Appliance |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware vCenter Server |
6.7.x, 6.5.x |
Windows |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware HCX |
4.2.x, 4.0.x |
Any |
CVE-2021-44228 |
Critical |
Workaround Pending |
|||
VMware HCX |
4.1.x |
Any |
CVE-2021-44228 |
Critical |
Workaround Pending |
|||
VMware NSX-T Data Center |
3.x, 2.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Unified Access Gateway |
21.x, 20.x, 3.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Workspace ONE Access |
21.x, 20.10.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Identity Manager |
3.3.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware vRealize Operations |
8.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware vRealize Operations Cloud Proxy |
Any |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware vRealize Automation |
8.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware vRealize Automation |
7.6 |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware vRealize Lifecycle Manager |
8.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Carbon Black Cloud Workload Appliance |
1.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Carbon Black EDR Server |
7.x, 6.x |
Any |
CVE-2021-44228 |
Critical |
None |
|||
VMware Site Recovery Manager, vSphere Replication |
8.3, 8.4, 8.5 |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Tanzu GemFire |
1.14.x, 1.13.x, 1.10.x |
Any |
CVE-2021-44228 |
Critical |
None |
|||
VMware Tanzu Greenplum |
6.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Tanzu Operations Manager |
2.x |
Any |
CVE-2021-44228 |
Critical |
None |
|||
VMware Tanzu Application Service for VMs |
2.x |
Any |
CVE-2021-44228 |
Critical |
None |
|||
VMware Tanzu Kubernetes Grid Integrated Edition |
1.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Tanzu Observability by Wavefront Nozzle |
3.x, 2.x |
Any |
CVE-2021-44228 |
Critical |
None |
None |
||
Healthwatch for Tanzu Application Service |
2.x |
Any |
CVE-2021-44228 |
Critical |
None |
None |
||
Healthwatch for Tanzu Application Service |
1.x |
Any |
CVE-2021-44228 |
Critical |
None |
None |
||
Spring Cloud Services for VMware Tanzu |
3.x |
Any |
CVE-2021-44228 |
Critical |
None |
None |
||
Spring Cloud Gateway for VMware Tanzu |
1.x |
Any |
CVE-2021-44228 |
Critical |
Workaround Pending |
None |
||
Spring Cloud Gateway for Kubernetes |
1.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
Workaround Pending |
None |
|
API Portal for VMware Tanzu |
1.x |
Any |
CVE-2021-44228 |
Critical |
Workaround Pending |
None |
||
Single Sign-On for VMware Tanzu Application Service |
1.x |
Any |
CVE-2021-44228 |
Critical |
Workaround Pending |
None |
||
App Metrics |
2.x |
Any |
CVE-2021-44228 |
Critical |
None |
None |
||
VMware vCenter Cloud Gateway |
1.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware vRealize Orchestrator |
8.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware vRealize Orchestrator |
7.6 |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Cloud Foundation |
4.x, 3.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Workspace ONE Access Connector (VMware Identity Manager Connector) |
21.x, 20.10.x, 19.03.0.1 |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Horizon DaaS |
9.1.x, 9.0.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Horizon Cloud Connector |
1.x, 2.x |
Any |
CVE-2021-44228 |
Critical |
None |
None |
||
VMware NSX Data Center for vSphere |
6.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware AppDefense Appliance |
2.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Cloud Director Object Storage Extension |
2.1.x |
Any |
CVE-2021-44228 |
Critical |
Workaround Pending |
None |
||
VMware Cloud Director Object Storage Extension |
2.0.x |
Any |
CVE-2021-44228 |
Critical |
Workaround Pending |
None |
||
VMware Telco Cloud Operations |
1.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
Workaround Pending |
None |
|
VMware vRealize Log Insight |
8.2, 8.3, 8.4, 8.6 |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Tanzu Scheduler |
1.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Smart Assurance NCM |
10.1.6 |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Smart Assurance SAM [Service Assurance Manager] |
10.1.2, 10.1.5 |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware Integrated OpenStack |
7.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
||
VMware vRealize Business for Cloud |
7.x |
Any |
CVE-2021-44228 |
Critical |
Patch Pending |
None |
다행히(?) ESXI 6.7은 큰 문제 없나보네요.
그나저나 xpenology 6.2.3이랑 7.0.1 쓰고있는데 둘다 영향있을까봐 두렵습니다. ㅠ.ㅠ;;
아 다행히 시놀은 안전하네요.
헤놀도... 같이 안전할거라고 희망회로를 ㅎㅎ;;
https://www.reddit.com/r/synology/comments/rdl1f3/log4j_aka_log4shell_zero_day_vulnerability/
ㅎㅎㅎ 헤놀도 똑같겠죠!