On Friday, a vulnerability was detected in Apache that affects several VMware products where a user could access its operating system through the vulnerability of Apache and JAVA.

We can find the complete detail in the following link

Problem Description
Multiple products impacted by remote code execution vulnerability and partial denial of service vulnerability via Apache Log4j (CVE-2021-44228, CVE-2021-45046).

Known Attack Vectors
A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system and/or perform a denial of service attack.

A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system and/or perform a denial of service attack.

Workarounds for CVE-2021-44228 and CVE-2021-45046 are documented in the ‘Workarounds’ column of the ‘Response Matrix’ below.


  • Exploitation attempts in the wild have been confirmed by VMware.
  • A supplemental blog post & frequently asked questions list was created for additional clarification. Please see: https://via.vmw.com/vmsa-2021-0028-faq
  • Unaffected VMware products can be referred to on the Knowledge Base article: https://kb.vmware.com/s/article/87068
  • On December 14, 2021 the Apache Software Foundation notified the community that their initial guidance for CVE-2021-44228 workarounds were not sufficient in removing all possible attack vectors. In addition, a new vulnerability identified by CVE-2021-45046 was published. In response, VMware has aligned with the new guidance and will be updating associated documentation with workarounds and fixes to address both vulnerabilities completely.

Response Matrix:

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Horizon8.x, 7.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87073None
VMware vCenter Server7.x, 6.7.x, 6.5.xVirtual ApplianceCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87081None
VMware vCenter Server6.7.x, 6.5.xWindowsCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87096None
VMware HCX4.2.x, 4.0.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87104None
VMware HCX4.1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87104None
VMware NSX-T Data Center3.x, 2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87086None
VMware Unified Access Gateway21.x, 20.x, 3.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87092None
VMware Workspace ONE Access21.x, 20.10.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87090None
VMware Identity Manager3.3.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87093None
VMware vRealize Operations8.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87076None
VMware vRealize Operations Cloud ProxyAnyAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87080None
VMware vRealize Automation8.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87120None
VMware vRealize Automation7.6AnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87121None
VMware vRealize Lifecycle Manager8.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87097None
VMware Carbon Black Cloud Workload Appliance1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingUeX 109167None
VMware Carbon Black EDR Server7.6.0, 7.5.x, 7.4.x, 7.3.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingUeX 109183None
VMware Site Recovery Manager, vSphere Replication8.3, 8.4, 8.5AnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87098None
VMware Tanzu GemFire9.10.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingArticle Number 13255None
VMware Tanzu GemFire for VMs1.14.x, 1.13.x, 1.10.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingArticle Number 13262None
VMware Tanzu Greenplum6.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingArticle Number 13256None
VMware Tanzu Operations Manager2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingArticle Number 13264None
VMware Tanzu Application Service for VMs2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingArticle Number 13265None
VMware Tanzu Kubernetes Grid Integrated Edition1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingArticle Number 13263None
VMware Tanzu Observability by Wavefront Nozzle3.x, 2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7critical3.0.4Workaround PendingNone
Healthwatch for Tanzu Application Service2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingWorkaround PendingNone
Healthwatch for Tanzu Application Service1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingWorkaround PendingNone
Spring Cloud Services for VMware Tanzu3.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7critical3.1.27NoneNone
Spring Cloud Services for VMware Tanzu2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7critical2.1.10NoneNone
Spring Cloud Gateway for VMware Tanzu1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingWorkaround PendingNone
Spring Cloud Gateway for Kubernetes1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7critical1.0.7Workaround PendingNone
API Portal for VMware Tanzu1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingWorkaround PendingNone
Single Sign-On for VMware Tanzu Application Service1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7critical1.14.6Workaround PendingNone
App Metrics2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingWorkaround PendingNone
VMware vCenter Cloud Gateway1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87081None
VMware vRealize Orchestrator8.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87120None
VMware vRealize Orchestrator7.6AnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87122None
VMware Cloud Foundation4.x, 3.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87095None
VMware Workspace ONE Access Connector (VMware Identity Manager Connector)21.x, 20.10.x,, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87091None
VMware Horizon DaaS9.1.x, 9.0.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87101None
VMware Horizon Cloud Connector1.x, 2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingWorkaround PendingNone
VMware NSX Data Center for vSphere6.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87099None
VMware AppDefense Appliance2.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingUeX 109180None
VMware Cloud Director Object Storage Extension2.1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingWorkaround PendingNone
VMware Cloud Director Object Storage Extension2.0.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87102None
VMware Telco Cloud Operations1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87143None
VMware vRealize Log Insight8.2, 8.3, 8.4, 8.6AnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87089None
VMware Tanzu Scheduler1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7critical1.6.1Article Number 13280None
VMware Smart Assurance NCM10.1.6AnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87113None
VMware Smart Assurance SAM [Service Assurance Manager]10.1.0.x, 10.1.2, 10.1.5,AnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87119None
VMware Integrated OpenStack7.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87118None
VMware vRealize Business for Cloud7.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87127None
VMware vRealize Network Insight5.3, 6.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87135None
VMware Cloud Provider Lifecycle Manager1.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7critical1.2.0.1KB87142None
VMware SD-WAN VCO4.xAnyCVE-2021-44228, CVE-2021-4504610.0, 3.7criticalPatch PendingKB87158None

How do I know which version is my Product?
In the following link you can find the list of build numbers

How to solve the vulnerability?
Applying the workarounds mentioned in the table, depending on the product.

Are there any other recommendations that could be implemented?
You may have other security controls in your environment that can help protect you until you are able to patch. Use network perimeter access controls or NSX IDS/IPS and NDR technologies to detect and contain attacks against your workloads. For Cloud Infrastructure products like VMware vSphere, VMware Cloud Foundation, and VMware Cloud, as well as cloud add-on components like the HCX, Site Recovery Manager, NSX-T, and Cloud Gateway Appliances, we strongly suggest limiting access to management interfaces to only Virtualization Admins. Drive any direct workload management activity through the VM network connections instead of the VM console. This simplifies access control and makes the RDP or ssh management traffic subject to other security controls, such as IDS/IPS and monitoring.

I have VCF, is it also affected?
Yes, because VCF contains several of the affected products. Review this link for products that are only in VCF

Is VMW on AWS also affected?
Cloud-based VMware services are protected and operational. Customers of VMware Cloud on AWS are protected as well. Some customers with overly permissive management gateway firewall rules have had action taken to reduce their exposure from scanning and exploit activity occurring across the Internet. Those affected have seen direct communications from VMware.

Closing Note
For more information, please visit VMSA-2021-0028 Questions & Answers

Leave a Reply

Your email address will not be published. Required fields are marked *