[Security-announce] VMSA-2021-0028 Updates

VMware Security Announcements security-announce at lists.vmware.com
Mon Dec 20 11:17:20 PST 2021


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VMSA-2021-0028 - VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

Please see the updated advisory here: https://www.vmware.com/security/advisories/VMSA-2021-0028.html

Changelog:
2021-12-20: VMSA-2021-0028.5
Added a note on current CVE-2021-45105 investigations.

"A new vulnerability identified by CVE-2021-45105 has been disclosed by the Apache Software Foundation that impacts log4j releases prior to 2.17 in non-default configurations. Shortly after this announcement VMware began investigating the potential impact of this vulnerability. At the time of this update, we have not found a valid attack vector to exploit CVE-2021-45105 in any VMware products, but investigations will continue. VMware will update log4j to 2.17 in future releases of our products."

You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit https://lists.vmware.com/mailman/listinfo/security-announce.
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQQATpKvqUhghXJhavw/xTN5GfcH8QUCYcDRjwAKCRA/xTN5GfcH
8ZusAJ9LE0kcG/dWpIPwED+v93EXPYn4XACfcV0e9QWFgNu4mVCrELLuc7mkvLY=
=2fII
-----END PGP SIGNATURE-----


More information about the Security-announce mailing list