Hi,
We still have a VMWare vcenter 6.0.0
I 'd like to know if this version is affected by log4j vulnerability.
Checking VMSA-2021-0028.8 (vmware.com) they speak only about workaround and future patch for 6.5 and 6.7
What about 6.0 ? infected as well or not ?
Many thx by advance
Rgds
Daniel
Support for vSphere 6.0 ended in March 2020, so I don't think that VMware will release patches for that version anymore.
What you can do is to run one of the available detection tools, compare the results with the instructions given for later vCenter Server versions, and try those modifications after backing up (snapshotting) your vCenter Server instance.
André
https://kb.vmware.com/s/article/87081?lang=en_US#vCenter60
Manually remove it.
Note: vCenter Server Appliance versions 6.0GA - 6.0U3i are not vulnerable. However, versions 6.0 U3a/b/c/d/e/f were found to contain the following unused vulnerable jar files. No impact on the product has been observed after removing these jar files.