VMware products affected by Apache Log4j (including vCenter)

달소
Source: https://www.vmware.com/security/advisories/VMSA-2021-0028.html

 

The ESXi hypervisor, which many of you are using, is not affected.

If you use vCenter, however, you should update right away.

 


 

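Details
CVE-2021-44228 has been determined to impact multiple VMware products via the Apache Log4j open source component they ship. This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA). Please review this document before continuing.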
  • CVE-2021-44228 –

 

Response Matrix:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Horizon | 8.x, 7.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87073 | None |
| VMware vCenter Server | 7.x, 6.7.x, 6.5.x | Virtual Appliance | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87081 | None |
| VMware vCenter Server | 6.7.x, 6.5.x | Windows | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87096 | None |
| VMware HCX | 4.2.x, 4.0.x | Any | CVE-2021-44228 | 10.0 | Critical | 4.2.3 | Workaround Pending | KB87104 |
| VMware HCX | 4.1.x | Any | CVE-2021-44228 | 10.0 | Critical | 4.1.0.2 | Workaround Pending | KB87104 |
| VMware NSX-T Data Center | 3.x, 2.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87086 | None |
| VMware Unified Access Gateway | 21.x, 20.x, 3.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87092 | None |
| VMware Workspace ONE Access | 21.x, 20.10.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87090 | None |
| VMware Identity Manager | 3.3.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87093 | None |
| VMware vRealize Operations | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87076 | None |
| VMware vRealize Operations Cloud Proxy | Any | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87080 | None |
| VMware vRealize Automation | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87120 | None |
| VMware vRealize Automation | 7.6 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87121 | None |
| VMware vRealize Lifecycle Manager | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87097 | None |
| VMware Carbon Black Cloud Workload Appliance | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | UeX 109167 | None |
| VMware Carbon Black EDR Server | 7.x, 6.x | Any | CVE-2021-44228 | 10.0 | Critical | 7.6.0 | UeX 109168 | None |
| VMware Site Recovery Manager, vSphere Replication | 8.3, 8.4, 8.5 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87098 | None |
| VMware Tanzu GemFire | 1.14.x, 1.13.x, 1.10.x | Any | CVE-2021-44228 | 10.0 | Critical | 1.14.1, 1.13.4 | Article Number 13262 | None |
| VMware Tanzu Greenplum | 6.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Article Number 13256 | None |
| VMware Tanzu Operations Manager | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.10.23 | Article Number 13264 | None |
| VMware Tanzu Application Service for VMs | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.7.42, 2.10.22, 2.11.10, 2.12.3 | Article Number 13265 | None |
| VMware Tanzu Kubernetes Grid Integrated Edition | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Article Number 13263 | None |
| VMware Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 3.0.3 | None | None |
| Healthwatch for Tanzu Application Service | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.1.7 | None | None |
| Healthwatch for Tanzu Application Service | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | 1.8.6 | None | None |
| Spring Cloud Services for VMware Tanzu | 3.x | Any | CVE-2021-44228 | 10.0 | Critical | 3.1.26 | None | None |
| Spring Cloud Gateway for VMware Tanzu | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | 1.1.3 | Workaround Pending | None |
| Spring Cloud Gateway for Kubernetes | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
| API Portal for VMware Tanzu | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | 1.0.7 | Workaround Pending | None |
| Single Sign-On for VMware Tanzu Application Service | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | 1.14.5 | Workaround Pending | None |
| App Metrics | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.1.1 | None | None |
| VMware vCenter Cloud Gateway | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87081 | None |
| VMware vRealize Orchestrator | 8.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87120 | None |
| VMware vRealize Orchestrator | 7.6 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87122 | None |
| VMware Cloud Foundation | 4.x, 3.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87095 | None |
| VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87091 | None |
| VMware Horizon DaaS | 9.1.x, 9.0.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87101 | None |
| VMware Horizon Cloud Connector | 1.x, 2.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.1.1 | None | None |
| VMware NSX Data Center for vSphere | 6.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87099 | None |
| VMware AppDefense Appliance | 2.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | UeX 109180 | None |
| VMware Cloud Director Object Storage Extension | 2.1.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.1.0.1 | Workaround Pending | None |
| VMware Cloud Director Object Storage Extension | 2.0.x | Any | CVE-2021-44228 | 10.0 | Critical | 2.0.0.3 | Workaround Pending | None |
| VMware Telco Cloud Operations | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Workaround Pending | None |
| VMware vRealize Log Insight | 8.2, 8.3, 8.4, 8.6 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87089 | None |
| VMware Tanzu Scheduler | 1.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | Article Number 13280 | None |
| VMware Smart Assurance NCM | 10.1.6 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87113 | None |
| VMware Smart Assurance SAM [Service Assurance Manager] | 10.1.2, 10.1.5 | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87119 | None |
| VMware Integrated OpenStack | 7.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87118 | None |
| VMware vRealize Business for Cloud | 7.x | Any | CVE-2021-44228 | 10.0 | Critical | Patch Pending | KB87127 | None |

th20ry 2021.12.15. 08:07

Fortunately(?) it looks like ESXi 6.7 has no major problem.

By the way, I'm running xpenology 6.2.3 and 7.0.1, and I'm afraid both of them might be affected. ㅠ.ㅠ;;

th20ry 2021.12.15. 08:10
th20ry

Ah, fortunately Synology is safe.

I'm running on wishful thinking that xpenology is safe along with it... haha;;

https://www.reddit.com/r/synology/comments/rdl1f3/log4j_aka_log4shell_zero_day_vulnerability/
