Folks,
I've followed the guidance regarding VMware HCX in article https://kb.vmware.com/s/article/87104 for the recent Log4J exploit documented in CVE-2021-44228 and I'm now running HCX 4.2.3. However, the new Log4J exploit documented in CVE-2021-45046 refers to the need for "removing support for message lookup patterns" and "disabling JNDI functionality by default". Are these fixes included in the HCX upgrade ver 4.2.3 which I applied previously?
There is no new guidance from VMware regarding the latest exploit and I can't find any reference to exactly what changes were made in HCX ver 4.2.3 so I have no idea if another HCX version is in the works or if the current version protects against the new exploit.
Any insight into this question would be helpful.
Thanks.