www.vmware.com
2a02:26f0:1700:599::2ef
Public Scan
URL:
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Submission: On February 24 via api from SG — Scanned from DE
Form analysis
2 forms found in the DOM
//www.vmware.com/search.html
<form action="//www.vmware.com/search.html" id="globalsearch" class="wrapperSearch">
<input type="text" name="q" id="ub-search" class="d-none" placeholder="Search" aria-role="searchbox" role="searchbox">
<a href="javascript:void(0);" aria-label="Search vmware.com" class="search-icon ml-lg-3" name="nav_utility : Search">
<i class="fa fa-search text-indigo mr-2 mr-lg-0" aria-hidden="true"></i>
</a>
<input type="hidden" name="num" value="20">
<input type="hidden" name="filter" value="0">
<input type="hidden" name="ie" value="UTF-8">
<input type="hidden" name="oe" value="UTF-8">
<input type="hidden" name="entqr" value="0">
<input type="hidden" name="start" value="0">
<input type="hidden" name="sort" value="">
<input type="hidden" name="tlen" value="200">
<input type="hidden" name="numgm" value="3">
<input type="hidden" name="cn" value="vmware">
<input type="hidden" name="cid" value="">
<input type="hidden" name="tid" value="">
<input type="hidden" name="getfields" value="*">
<input type="hidden" name="partialfields" value="">
<input type="hidden" name="requiredfields" value="">
<input type="hidden" name="place" value="top">
<input type="hidden" name="client" value="VMware_Site_1">
<input type="hidden" name="site" value="VMware_Site_1">
<input type="hidden" name="cc" value="en">
<input type="hidden" name="stype" value="main">
</form>
Name: securitysignup — POST https://lists.vmware.com/mailman/subscribe/security-announce
<form accept-charset="UNKNOWN" action="https://lists.vmware.com/mailman/subscribe/security-announce" enctype="application/x-www-form-urlencoded" id="securitysignup" method="post" name="securitysignup">
<input id="securityEmail" name="email" size="25" type="text" placeholder="Enter your email address">
<span class="btn-submit"><button name="email-button" type="submit" onclick="validateEmail();"><i class="fa fa-chevron-right" aria-hidden="true"></i></button></span>
<span class="subscriptionerrorMsg"></span>
</form>
Text Content
Critical
Advisory ID: VMSA-2021-0028.13
CVSSv3 Range: 9.0-10.0
Issue Date: 2021-12-10
Updated On: 2022-02-14
CVE(s): CVE-2021-44228, CVE-2021-45046
Synopsis: VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

1. IMPACTED PRODUCTS
* VMware Horizon
* VMware vCenter Server
* VMware HCX
* VMware NSX-T Data Center
* VMware Unified Access Gateway
* VMware WorkspaceOne Access
* VMware Identity Manager
* VMware vRealize Operations
* VMware vRealize Operations Cloud (Cloud Proxy)
* VMware vRealize Automation
* VMware vRealize Lifecycle Manager
* VMware Site Recovery Manager, vSphere Replication
* VMware Carbon Black Cloud Workload Appliance
* VMware Carbon Black EDR Server
* VMware Tanzu GemFire
* VMware Tanzu GemFire for VMs
* VMware Tanzu Greenplum Platform Extension Framework
* VMware Greenplum Text
* VMware Tanzu Operations Manager
* VMware Tanzu Application Service for VMs
* VMware Tanzu Kubernetes Grid Integrated Edition
* VMware Tanzu Observability by Wavefront Nozzle
* Healthwatch for Tanzu Application Service
* Spring Cloud Services for VMware Tanzu
* Spring Cloud Gateway for VMware Tanzu
* Spring Cloud Gateway for Kubernetes
* API Portal for VMware Tanzu
* Single Sign-On for VMware Tanzu Application Service
* App Metrics
* VMware vCenter Cloud Gateway
* VMware vRealize Orchestrator
* VMware Cloud Foundation
* VMware Workspace ONE Access Connector
* VMware Horizon DaaS
* VMware Horizon Cloud Connector
* VMware NSX Data Center for vSphere
* VMware AppDefense Appliance
* VMware Cloud Director Object Storage Extension
* VMware Telco Cloud Operations
* VMware vRealize Log Insight
* VMware Tanzu Scheduler
* VMware Smart Assurance NCM
* VMware Smart Assurance SAM [Service Assurance Manager]
* VMware Integrated OpenStack
* VMware vRealize Business for Cloud
* VMware vRealize Network Insight
* VMware Cloud Provider Lifecycle Manager
* VMware SD-WAN VCO
* VMware NSX Intelligence
* VMware Horizon Agents Installer
* VMware Tanzu Observability Proxy
* VMware Smart Assurance M&R
* VMware Harbor Container Registry for TKGI
* VMware vRealize Operations Tenant App for VMware Cloud Director
* VMware vRealize True Visibility Suite

2. INTRODUCTION
Critical vulnerabilities in Apache Log4j identified by CVE-2021-44228 and CVE-2021-45046 have been publicly disclosed which impact VMware products.

3. PROBLEM DESCRIPTION
Description
Multiple products impacted by remote code execution vulnerabilities via Apache Log4j (CVE-2021-44228, CVE-2021-45046).

Known Attack Vectors
A malicious actor with network access to an impacted VMware product may exploit these issues to gain full control of the target system.

Resolution
Fixes for CVE-2021-44228 and CVE-2021-45046 are documented in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds
Workarounds for CVE-2021-44228 and CVE-2021-45046 are documented in the 'Workarounds' column of the 'Response Matrix' below.

Additional Documentation
None.

Acknowledgements
None.

Notes
* 2021/12/10: Exploitation attempts in the wild of CVE-2021-44228 have been confirmed by VMware.
* 2021/12/11: A supplemental blog post & frequently asked questions list was created for additional clarification. Please see: https://via.vmw.com/vmsa-2021-0028-faq
* 2021/12/13: Unaffected VMware products are listed in the Knowledge Base article: https://kb.vmware.com/s/article/87068
* 2021/12/14: The Apache Software Foundation notified the community that their initial guidance for CVE-2021-44228 workarounds was not sufficient in removing all possible attack vectors. In addition, a new vulnerability identified by CVE-2021-45046 was published. In response, VMware has aligned with the new guidance and will be updating associated documentation with workarounds and fixes to address both vulnerabilities completely.
* 2021/12/17: The Apache Software Foundation updated the severity of CVE-2021-45046 to 9.0; in response, we have aligned our advisory.
* 2022/01/07: A pair of new vulnerabilities identified by CVE-2021-45105 and CVE-2021-44832 have been disclosed by the Apache Software Foundation that impact log4j releases prior to 2.17.1 in non-default configurations.
VMware has investigated and has found no evidence that these vulnerabilities are exploitable in VMware products. Going forward, new log4j vulnerabilities will continue to be evaluated to determine severity and applicability to VMware products, but will not be referenced in this advisory. VMware products will update open source components (including log4j) to the latest available versions in future releases.

Response Matrix:

Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation
VMware Horizon | 8.x, 7.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87073 | KB87073 | None
VMware vCenter Server | 7.x | Virtual Appliance | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 7.0U3c | KB87081 | None
VMware vCenter Server | 6.7.x | Virtual Appliance | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.7 U3q | KB87081 | None
VMware vCenter Server | 6.7.x | Windows | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.7 U3q | KB87096 | None
VMware vCenter Server | 6.5.x | Virtual Appliance | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.5 U3s | KB87081 | None
VMware vCenter Server | 6.5.x | Windows | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.5 U3s | KB87096 | None
VMware Cloud Foundation | 4.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 4.4 | KB87095 | None
VMware Cloud Foundation | 3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.11 | KB87095 | None
VMware HCX | 4.3 | Any | CVE-2021-44228, CVE-2021-45046 | N/A | N/A | Not Affected | N/A | N/A
VMware HCX | 4.2.x, 4.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 4.2.4 | KB87104 | None
VMware HCX | 4.1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 4.1.0.3 | KB87104 | None
VMware NSX-T Data Center | 3.1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.1.3.5 | KB87086 | None
VMware NSX-T Data Center | 3.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.0.3.1 | KB87086 | None
VMware NSX-T Data Center | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.5.3.4 | KB87086 | None
VMware Unified Access Gateway | 21.x, 20.x, 3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2111.1 | KB87092 | None
VMware Workspace ONE Access | 21.x, 20.10.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87183 | KB87090 | None
VMware Identity Manager | 3.3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.3.6 | KB87093 | None
VMware Site Recovery Manager, vSphere Replication | 8.5.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.5.0.2 | KB87098 | None
VMware Site Recovery Manager, vSphere Replication | 8.4.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.4.0.4 | KB87098 | None
VMware Site Recovery Manager, vSphere Replication | 8.3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.3.1.5 | KB87098 | None
VMware vCenter Cloud Gateway | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87081 | KB87081 | None
VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.08.0.1, 21.08, 20.10, 19.03.0.1 | Windows | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87184 | KB87091 | None
VMware Horizon DaaS | 9.1.x, 9.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87101 | KB87101 | None
VMware Horizon Cloud Connector | 1.x, 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.1.2 | None | None
VMware NSX Data Center for vSphere | 6.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.4.12 | KB87099 | None
VMware AppDefense Appliance | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | N/A | UeX 109180 | None
VMware Cloud Director Object Storage Extension | 2.1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.1.0.1 | KB87102 | None
VMware Cloud Director Object Storage Extension | 2.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.0.0.3 | KB87102 | None
VMware Telco Cloud Operations | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.4.0.1 | KB87143 | None
VMware Smart Assurance NCM | 10.1.6.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 10.1.6.1 | KB87113 | None
VMware Smart Assurance SAM [Service Assurance Manager] | 10.1.5 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 10.1.5.5 | KB87119 | None
VMware Smart Assurance SAM [Service Assurance Manager] | 10.1.0.x, 10.1.2 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 10.1.2.16 | KB87119 | None
VMware Integrated OpenStack | 7.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 7.2 | KB87118 | None
VMware Cloud Provider Lifecycle Manager | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.2.0.1 | KB87142 | None
VMware SD-WAN VCO | 4.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87158 | KB87158 | None
VMware NSX Intelligence | 1.2.x, 1.1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.2.1.1 | KB87150 | None
VMware Horizon Agents Installer | 21.x.x, 20.x.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87157 | KB87157 | None
VMware Smart Assurance M&R | 6.8u5, 7.0u8, 7.2.0.1 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87161 | KB87161 | None

VMware Carbon Black Cloud Workload Appliance | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.1.2 | UeX 190167 | None
VMware Carbon Black EDR Server | 7.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 7.6.1 | UeX 109183 | None

VMware vRealize Automation | 8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.6.2 | KB87120 | None
VMware vRealize Automation | 7.6 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB70911 | KB87121 | None
VMware vRealize Business for Cloud | 7.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87539 | KB87127 | None
VMware vRealize Lifecycle Manager | 8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.6.2 | KB87097 | None
VMware vRealize Log Insight | 8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87519 | KB87089 | None
VMware vRealize Network Insight | 6.x, 5.3 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.5.1 | KB87135 | None
VMware vRealize Operations | 8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87076 | KB87076 | None
VMware vRealize Operations Cloud (Cloud Proxy) | Any | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | Q4FY22 Cloud Update | KB87080 | None
VMware vRealize Operations Tenant App for VMware Cloud Director | 2.5 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.5.1 | KB87187 | None
VMware vRealize Orchestrator | 8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 8.6.2 | KB87120 | None
VMware vRealize Orchestrator | 7.6 | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB70629 | KB87122 | None
VMware vRealize True Visibility Suite | Any | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | KB87136 | KB87136 | None

App Metrics | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.1.2 | None | None
API Portal for VMware Tanzu | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.0.8 | None | None
Healthwatch for Tanzu Application Service | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.1.8 | None | None
Healthwatch for Tanzu Application Service | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.8.7 | None | None
Single Sign-On for VMware Tanzu Application Service | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.14.6 | None | None
Spring Cloud Gateway for Kubernetes | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.0.7 | None | None
Spring Cloud Gateway for VMware Tanzu | 1.1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.1.4 | None | None
Spring Cloud Gateway for VMware Tanzu | 1.0.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.0.19 | None | None
Spring Cloud Services for VMware Tanzu | 3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.1.27 | None | None
Spring Cloud Services for VMware Tanzu | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.1.10 | None | None
VMware Greenplum Text | 3.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.8.1 | Article Number 13256 | None
VMware Harbor Container Registry for TKGI | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.4.1 | Article Number 13263 | None
VMware Tanzu Application Service for VMs | 2.12.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.12.5 | Article Number 13265 | None
VMware Tanzu Application Service for VMs | 2.11.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.11.13 | Article Number 13265 | None
VMware Tanzu Application Service for VMs | 2.10.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.10.24 | Article Number 13265 | None
VMware Tanzu Application Service for VMs | 2.9.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.9.30 | Article Number 13265 | None
VMware Tanzu Application Service for VMs | 2.8.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.8.30 | Article Number 13265 | None
VMware Tanzu Application Service for VMs | 2.7.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.7.44 | Article Number 13265 | None
VMware Tanzu GemFire | 9.10.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 9.10.13 | Article Number 13255 | None
VMware Tanzu GemFire | 9.9.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 9.9.7 | Article Number 13255 | None
VMware Tanzu GemFire for VMs | 1.14.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.14.2 | Article Number 13262 | None
VMware Tanzu GemFire for VMs | 1.13.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.13.5 | Article Number 13262 | None
VMware Tanzu GemFire for VMs | 1.12.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.12.4 | Article Number 13262 | None
VMware Tanzu Greenplum Platform Extension Framework | 6.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 6.2.1 | Article Number 13256 | None
VMware Tanzu Kubernetes Grid Integrated Edition | 1.13.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.13.1 | Article Number 13263 | None
VMware Tanzu Kubernetes Grid Integrated Edition | 1.10.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.10.8 | Article Number 13263 | None
VMware Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 3.0.4 | None | None
VMware Tanzu Observability Proxy | 10.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 10.12 | Article Number 13272 | None
VMware Tanzu Operations Manager | 2.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 2.10.25 | Article Number 13264 | None
VMware Tanzu Scheduler | 1.x | Any | CVE-2021-44228, CVE-2021-45046 | 10.0, 9.0 | critical | 1.6.1 | Article Number 13280 | None

4. REFERENCES
FIRST CVSSv3 Calculator:
CVE-2021-44228: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10.0)
CVE-2021-45046: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H (9.0)

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

5. CHANGE LOG
2021-12-10: VMSA-2021-0028 Initial security advisory.
2021-12-11: VMSA-2021-0028.1 Updated advisory with workaround information for multiple products including vCenter Server Appliance, vRealize Operations, Horizon, vRealize Log Insight, Unified Access Gateway.
2021-12-13: VMSA-2021-0028.2 Revised advisory with updates to multiple products.
2021-12-15: VMSA-2021-0028.3 Revised advisory with updates to multiple products. In addition, added CVE-2021-45046 information and noted alignment with new Apache Software Foundation guidance.
2021-12-17: VMSA-2021-0028.4 Revised advisory with updates to multiple products.
2021-12-20: VMSA-2021-0028.5 Added a note on current CVE-2021-45105 investigations.
2021-12-21: VMSA-2021-0028.6 Revised advisory with updates to multiple products, including vRealize Operations and vRealize Log Insight.
2021-12-22: VMSA-2021-0028.7 Revised advisory with updates to multiple products, including HCX.
2021-12-24: VMSA-2021-0028.8 Revised advisory with updates to multiple products, including NSX-T, TKGI and Greenplum.
2022-01-19: VMSA-2021-0028.9 Revised advisory with updates to multiple products, including vRealize Automation, vRealize Orchestrator, NSX Intelligence, and vRealize Lifecycle Manager.
2022-01-27: VMSA-2021-0028.10 Revised advisory with updates to multiple products, including vCenter Server.
2022-02-08: VMSA-2021-0028.11 Revised advisory with updates to vCenter Server 6.7.x & 6.5.x.
2022-02-10: VMSA-2021-0028.12 Revised advisory with updates to VMware Cloud Foundation 4.x.
2022-02-14: VMSA-2021-0028.13 Revised advisory with updates to VMware Cloud Foundation 3.x.

6. CONTACT
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2021 VMware Inc. All rights reserved.