Blue Flower

Apache Log4j2 Remote Code Execution vulnerability CVE-2021-44228

VMware 产品几乎全部沦陷,详见安全公告

仅有少量产品不受影响(详见 kb)。

响应矩阵

Updated On: 2022-02-14 所有产品修复完毕。

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware Horizon 8.x, 7.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87073 KB87073 None
VMware vCenter Server 7.x Virtual Appliance CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 7.0U3c KB87081 None
VMware vCenter Server 6.7.x Virtual Appliance CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 6.7 U3q KB87081 None
VMware vCenter Server 6.7.x Windows CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 6.7 U3q KB87096 None
VMware vCenter Server 6.5.x Virtual Appliance CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 6.5 U3s KB87081 None
VMware vCenter Server 6.5.x Windows CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 6.5 U3s KB87096 None
VMware Cloud Foundation 4.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 4.4 KB87095 None
VMware Cloud Foundation 3.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 3.11 KB87095 None
VMware HCX 4.3 Any CVE-2021-44228, CVE-2021-45046 N/A N/A Not Affected N/A N/A
VMware HCX 4.2.x, 4.0.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 4.2.4 KB87104 None
VMware HCX 4.1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 4.1.0.3 KB87104 None
VMware NSX-T Data Center 3.1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 3.1.3.5 KB87086 None
VMware NSX-T Data Center 3.0.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 3.0.3.1 KB87086 None
VMware NSX-T Data Center 2.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.5.3.4 KB87086 None
VMware Unified Access Gateway 21.x, 20.x, 3.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2111.1 KB87092 None
VMware Workspace ONE Access 21.x, 20.10.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87183 KB87090 None
VMware Identity Manager 3.3.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 3.3.6 KB87093 None
VMware Site Recovery Manager, vSphere Replication 8.5.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 8.5.0.2 KB87098 None
VMware Site Recovery Manager, vSphere Replication 8.4.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 8.4.0.4 KB87098 None
VMware Site Recovery Manager, vSphere Replication 8.3.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 8.3.1.5 KB87098 None
VMware vCenter Cloud Gateway 1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87081 KB87081 None
VMware Workspace ONE Access Connector (VMware Identity Manager Connector) 21.08.0.1, 21.08, 20.10, 19.03.0.1 Windows CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87184 KB87091 None
VMware Horizon DaaS 9.1.x, 9.0.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87101 KB87101 None
VMware Horizon Cloud Connector 1.x, 2.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.1.2 None None
VMware NSX Data Center for vSphere 6.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 6.4.12 KB87099 None
VMware AppDefense Appliance 2.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical N/A UeX 109180 None
VMware Cloud Director Object Storage Extension 2.1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.1.0.1 KB87102 None
VMware Cloud Director Object Storage Extension 2.0.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.0.0.3 KB87102 None
VMware Telco Cloud Operations 1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.4.0.1 KB87143 None
VMware Smart Assurance NCM 10.1.6.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 10.1.6.1 KB87113 None
VMware Smart Assurance SAM [Service Assurance Manager] 10.1.5 Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 10.1.5.5 KB87119 None
VMware Smart Assurance SAM [Service Assurance Manager] 10.1.2.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 10.1.2.16 KB87119 None
VMware Smart Assurance SAM [Service Assurance Manager] 10.1.0.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 10.1.0.16 KB87119 None
VMware Integrated OpenStack 7.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 7.2 KB87118 None
VMware Cloud Provider Lifecycle Manager 1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.2.0.1 KB87142 None
VMware SD-WAN VCO 4.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87158 KB87158 None
VMware NSX Intelligence 1.2.x, 1.1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.2.1.1 KB87150 None
VMware Horizon Agents Installer 21.x.x, 20.x.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87157 KB87157 None
VMware Smart Assurance M&R 9.6-6.8u5, 10.1.2-7.0u8, 10.1.5-7.2 Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 10.1.7-7.3.0.5 KB87161 None
Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware Carbon Black Cloud Workload Appliance 1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.1.2 UeX 190167 None
VMware Carbon Black EDR Server 7.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 7.6.1 UeX 109183 None
Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware vRealize Automation 8.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 8.6.2 KB87120 None
VMware vRealize Automation 7.6 Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB70911 KB87121 None
VMware vRealize Business for Cloud 7.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87539 KB87127 None
VMware vRealize Lifecycle Manager 8.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 8.6.2 KB87097 None
VMware vRealize Log Insight 8.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87519 KB87089 None
VMware vRealize Network Insight 6.x, 5.3 Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 6.5.1 KB87135 None
VMware vRealize Operations 8.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87076 KB87076 None
VMware vRealize Operations Cloud (Cloud Proxy) Any Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical Q4FY22 Cloud Update KB87080 None
VMware vRealize Operations Tenant App for VMware Cloud Director 2.5 Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.5.1 KB87187 None
VMware vRealize Orchestrator 8.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 8.6.2 KB87120 None
VMware vRealize Orchestrator 7.6 Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB70629 KB87122 None
VMware vRealize True Visibility Suite Any Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical KB87136 KB87136 None
Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
App Metrics 2.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.1.2 None None
API Portal for VMware Tanzu 1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.0.8 None None
Healthwatch for Tanzu Application Service 2.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.1.8 None None
Healthwatch for Tanzu Application Service 1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.8.7 None None
Single Sign-On for VMware Tanzu Application Service 1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.14.6 None None
Spring Cloud Gateway for Kubernetes 1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.0.7 None None
Spring Cloud Gateway for VMware Tanzu 1.1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.1.4 None None
Spring Cloud Gateway for VMware Tanzu 1.0.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.0.19 None None
Spring Cloud Services for VMware Tanzu 3.x Any CVE-2021-44228, CVE-2021-45046 !0.0, 9.0 critical 3.1.27 None None
Spring Cloud Services for VMware Tanzu 2.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.1.10 None None
VMware Greenplum Text 3.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 3.8.1 Article Number 13256 None
VMware Harbor Container Registry for TKGI 2.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.4.1 Article Number 13263 None
VMware Tanzu Application Service for VMs 2.12.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.12.5 Article Number 13265 None
VMware Tanzu Application Service for VMs 2.11.x Any CVE-2021-44228, CVE-45046 10.0, 9.0 critical 2.11.13 Article Number 13265 None
VMware Tanzu Application Service for VMs 2.10.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.10.24 Article Number 13265 None
VMware Tanzu Application Service for VMs 2.9.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.9.30 Article Number 13265 None
VMware Tanzu Application Service for VMs 2.8.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.8.30 Article Number 13265 None
VMware Tanzu Application Service for VMs 2.7.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.7.44 Article Number 13265 None
VMware Tanzu GemFire 9.10.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 9.10.13 Article Number 13255 None
VMware Tanzu GemFire 9.9.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 9.9.7 Article Number 13255 None
VMware Tanzu GemFire for VMs 1.14.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.14.2 Article Number 13262 None
VMware Tanzu GemFire for VMs 1.13.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.13.5 Article Number 13262 None
VMware Tanzu GemFire for VMs 1.12.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.12.4 Article Number 13262 None
VMware Tanzu Greenplum Platform Extension Framework 6.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 6.2.1 Article Number 13256 None
VMware Tanzu Kubernetes Grid Integrated Edition 1.13.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.13.1 Article Number 13263 None
VMware Tanzu Kubernetes Grid Integrated Edition 1.10.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.10.8 Article Number 13263 None
VMware Tanzu Observability by Wavefront Nozzle 3.x, 2.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 3.0.4 None None
VMware Tanzu Observability Proxy 10.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 10.12 Article Number 13272 None
VMware Tanzu Operations Manager 2.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 2.10.25 Article Number 13264 None
VMware Tanzu Scheduler 1.x Any CVE-2021-44228, CVE-2021-45046 10.0, 9.0 critical 1.6.1 Article Number 13280 None

下载仅供下载体验和测试学习,不得商用和正当使用。

下载体验

请输入密码查看内容!

如何获取密码?

 

点击下载