VMware Horizon Community
IPPDJ
Contributor
Contributor
‎12-20-2021 08:23 AM

Horizon Connection Servers Log4j

Hello,

It looks like most of the vulnerabilities with Horizon connection servers is related to HTML access.

Can we just disable HTML pool access in Horizon or is upgrading the connection servers absolutely needed?

Does the upgrade completely remove HTML as an option?

Labels (1)
Labels
Reply
0 Kudos
5 Replies
Jubish-Jose
Hot Shot
Hot Shot
‎12-20-2021 07:44 PM

Please see the KB https://kb.vmware.com/s/article/87073

According to this, we can remove HTML access component by reinstalling the Connection Servers, which should be good enough. 


-- If you find this reply helpful, please consider accepting it as a solution.
Reply
0 Kudos
IPPDJ
Contributor
Contributor
‎12-21-2021 05:28 AM

I did see this, this is a specific question that a solutions architect had instead of going through that process.

Uncertain if just disabling HTML access on the pool level would suffice or if reinstalling to make sure all the HTML stuff isn't even there is what is needed.

Reply
0 Kudos
sjesse
Leadership
Leadership
‎12-21-2021 06:03 AM

disabling html pool access, doesn't remove the html component like reinstalling does.

Reply
0 Kudos
IPPDJ
Contributor
Contributor
‎12-21-2021 06:07 AM

This is exactly where my head was at with this, I just wanted confirmation from the VMware side to show the SA.

Tags (1)
Reply
0 Kudos
sjesse
Leadership
Leadership
‎12-21-2021 06:08 AM

To be clear I don't work for VMware, to get a verified answer open an SR

Reply
0 Kudos