Apache Log4j2 Remote Code Execution Vulnerability ...

tomas_strand · ‎12-10-2021

https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-...

Anyone know if this is something that impacts Cloud director. And so. How to/where to pass log4j2.formatMsgNoLookups=true in the configuration?

CVE-2021-44228

abochmann · ‎12-12-2021

I've been wondering about the same thing - nothing to be seen in any of the log4j communication about Cloud Director, even though the system clearly runs a Java stack, and is explicitly designed to be made accessible from the public Internet (in contrast to most other products).

abochmann · ‎12-12-2021

It seems Cloud Director is "not impacted": https://kb.vmware.com/s/article/87068?lang=en_US

SMcClure1 · ‎12-12-2021

For the latest information regardingCVE-2021-44228 - Remote code execution vulnerability via Apache Log4j - Please go here https://www.vmware.com/security/advisories/VMSA-2021-0028.html

scott28tt · ‎12-13-2021

A moderator may move this thread to the area for vCD.

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

SMcClure1 · ‎12-13-2021

Content is being update frequently

For Tanzu you can find updated KBs and Answers here

For VMware Core you can find updates KBs and Answers here

All

Apache Log4j2 Remote Code Execution Vulnerability Alert