Skip main navigation (Press Enter).

VMware vSphere

View Only

Back to discussions

Expand all | Collapse all

Apache Log4j 1.2 Remote Code Execution Vulnerability CVE: CVE-2021-4104

Tony HollomanFeb 17, 2022 02:49 PM

Has anyone heard of this CVE notification? If So how is it fixed?

sramanujaFeb 25, 2022 07:18 PM

What version of vSphere/vCenter are you running? The ESX hypervisor is not affected by log4j since ...

1. Apache Log4j 1.2 Remote Code Execution Vulnerability CVE: CVE-2021-4104

Recommend
Tony Holloman
Posted Feb 17, 2022 02:49 PM

Reply Reply Privately
Has anyone heard of this CVE notification? If So how is it fixed?
2. RE: Apache Log4j 1.2 Remote Code Execution Vulnerability CVE: CVE-2021-4104

Recommend
sramanuja
Posted Feb 25, 2022 07:18 PM

Reply Reply Privately
What version of vSphere/vCenter are you running?
The ESX hypervisor is not affected by log4j since it is not used (https://kb.vmware.com/s/article/87068).
vCenter is affected though and the workarounds are mentioned here: https://kb.vmware.com/s/article/87068 . This article applies to 6.0, 6.5, 6.7 and 7.0

If you're looking for older versions, check the following community thread: https://communities.vmware.com/t5/VMware-vSphere-Discussions/Is-VSphere-5-5-0-also-impacted-Log4j/m-p/2883638#M41082

Copyright 2024. All rights reserved.

Powered by Higher Logic

Global message icon