It seems like it is vulnerable, as it does have a vulnerable version of log4j in the horizon package. Working with my Linux admin, we updated /usr/lib/vmware/viewagent/log4j2.xml to modify PatternLayout from %m to %m{nolookups}. Hopefully that covers enough until VMware has some more information.

Manual procedure for Horizon Agent for Linux:

1. Based on your Linux distribution, one of following files will be present:

• /usr/lib/vmware/viewagent/bin/StartAgent.sh

• /etc/rc.d/init.d/viewagent

• /etc/init/viewagent.conf

• /etc/init.d/viewagent.suse

Find the one on your VM and edit it as the root user.

2. Find the text: -Dfile.encoding=UTF-8
3. Modify it to: -Dlog4j2.formatMsgNoLookups=true -Dfile.encoding=UTF-8 (Do not use copy/paste. Type the update manually.)
For example:

Before: exec ${exec} -Dfile.encoding=UTF-8
After: exec ${exec} -Dlog4j2.formatMsgNoLookups=true -Dfile.encoding=UTF-8

4. Save and exit the file.
5. Restart viewagent service by running command: sudo service viewagent restart

Verification procedure for Horizon Agent for Linux:

1. Run the following command in the agent: ps axf | grep --color log4j2.formatMsgNoLookups | grep -v grep
2. There should be output from the above command.  If there is no output the Horizon Linux Agent was not successfully modified.  Redo Step 1 above on the Horizon Linux Agent.

Output example:

 [root@fips-rh6 ~]# ps axf | grep --color=always log4j2.formatMsgNoLookups | grep -v grep

 2364 ?        Sl     3:17 /usr/lib/vmware/viewagent/jre/bin/java -Dlog4j2.formatMsgNoLookups=true -Dfile.encoding=UTF-8 -Djuds.folder.preferred=/usr/lib/vmware/viewagent -showversion -Xmx512m

Source: https://kb.vmware.com/s/article/87073