vCloud

  • 1.  Apache Log4j2 Remote Code Execution Vulnerability Alert

    Posted Dec 10, 2021 08:40 AM

    https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/

    Anyone know if this is something that impacts Cloud Director? And if so, how/where to pass log4j2.formatMsgNoLookups=true in the configuration?

     

    CVE-2021-44228



  • 2.  RE: Apache Log4j2 Remote Code Execution Vulnerability Alert

    Posted Dec 12, 2021 10:32 AM

    I've been wondering about the same thing - nothing to be seen in any of the log4j communication about Cloud Director, even though the system clearly runs a Java stack, and is explicitly designed to be made accessible from the public Internet (in contrast to most other products).



  • 3.  RE: Apache Log4j2 Remote Code Execution Vulnerability Alert

    Posted Dec 12, 2021 06:06 PM

    It seems Cloud Director is "not impacted": https://kb.vmware.com/s/article/87068?lang=en_US



  • 4.  RE: Apache Log4j2 Remote Code Execution Vulnerability Alert

    Posted Dec 12, 2021 09:51 PM

    For the latest information regarding CVE-2021-44228 - Remote code execution vulnerability via Apache Log4j - please go here: https://www.vmware.com/security/advisories/VMSA-2021-0028.html



  • 5.  RE: Apache Log4j2 Remote Code Execution Vulnerability Alert

    Posted Dec 13, 2021 05:10 PM

    Content is being updated frequently.

    For Tanzu you can find updated KBs and Answers here

    For VMware Core you can find updated KBs and Answers here



  • 6.  RE: Apache Log4j2 Remote Code Execution Vulnerability Alert

    Posted Dec 13, 2021 09:52 AM

    A moderator may move this thread to the area for vCD.