daniel_Dremiere
Contributor

Log4j vulnerability on VMware vCenter 6.0.0

Hi,

We still have a VMware vCenter 6.0.0.

I'd like to know if this version is affected by the Log4j vulnerability.

Checking VMSA-2021-0028.8 (vmware.com), they speak only about a workaround and a future patch for 6.5 and 6.7.

What about 6.0? Infected as well or not?

Many thanks in advance

Rgds

Daniel

2 Replies
a_p_
Leadership

Support for vSphere 6.0 ended in March 2020, so I don't think that VMware will release patches for that version anymore.
What you can do is to run one of the available detection tools, compare the results with the instructions given for later vCenter Server versions, and try those modifications after backing up (snapshotting) your vCenter Server instance.

André

gazjay2093103
Contributor

https://kb.vmware.com/s/article/87081?lang=en_US#vCenter60

Manually remove it.


Note: vCenter Server Appliance versions 6.0GA - 6.0U3i are not vulnerable. However, versions 6.0 U3a/b/c/d/e/f were found to contain the following unused vulnerable jar files. No impact on the product has been observed after removing these jar files.
