VMware Horizon Community
Super6VCA
Expert
Expert
‎10-17-2022 05:49 AM
Jump to solution

Secure Access Questions

We have been running Horizon for quite some time now and recently our Cyber Security Insurance provider did a test and they tell us that the HTML access from outside is not secure ever since the Log4J threat came out.  We tried to setup a reverse proxy to mitigate that but When they come to our View site and choose the HTML option the login prompt shows up (as it should) and they tell us that is not secure.  The Questions I have are, is there a way to secure that any way?  I know we can take that option off the webpage but we have users in remote locations that have to use the HTML version since some hospitals will not allow us to install the Horizon. Client.  If anyone has a n idea that would be awesome.  Any questions or comments are welcome. 

We are running Horizon 8 2011 currently and running it on Vsphere 7 U3c  soon to be updated

 

Thanks!

Thank you, Perry
0 Kudos
1 Solution

Accepted Solutions
Mickeybyte
Hot Shot
Hot Shot
‎10-17-2022 05:57 AM
Jump to solution

@Super6VCA 

Please check Log4j CVE-2021-44228 and CVE-2021-45046 in VMware Horizon and VMware Horizon Agent (on-premises) (87... for details on what you can/must do on the different Horizon components to prevent abuse of the log4j vulnerablility. 

 


Regards,
Mickeybyte (ITPro blog)

If you found this comment useful or an answer to your question, please mark as 'Solved' and/or click the 'Kudos' button, please ask follow-up questions if you have any.

View solution in original post

3 Replies
Mickeybyte
Hot Shot
Hot Shot
‎10-17-2022 05:57 AM
Jump to solution

@Super6VCA 

Please check Log4j CVE-2021-44228 and CVE-2021-45046 in VMware Horizon and VMware Horizon Agent (on-premises) (87... for details on what you can/must do on the different Horizon components to prevent abuse of the log4j vulnerablility. 

 


Regards,
Mickeybyte (ITPro blog)

If you found this comment useful or an answer to your question, please mark as 'Solved' and/or click the 'Kudos' button, please ask follow-up questions if you have any.
Super6VCA
Expert
Expert
‎10-18-2022 08:20 AM
Jump to solution

Is there anywhere that states that the log4j vulnerability is rectified if all settings are applied?  The issue is with the our insurance provider.  The issue is that all of our doctors need to have access to the HTML version because of the locations that they work in.  I am trying to setup a call with VMware support to see if they can assist.  Thank for the reply.  Any comments or suggestion are welcome.  Thanks again!

Thank you, Perry
0 Kudos
Mickeybyte
Hot Shot
Hot Shot
‎10-25-2022 11:35 PM
Jump to solution

I think the only "official" statement can come from VMware support. 


Regards,
Mickeybyte (ITPro blog)

If you found this comment useful or an answer to your question, please mark as 'Solved' and/or click the 'Kudos' button, please ask follow-up questions if you have any.
0 Kudos