Selam arkadaşlar,  36 saat içinde birçok güvenlik update yayınlandı. Etkilenen sistemleri ve kritiklik seviyesi aşağıdadır.

Critical

VMSA-2021-0028.13

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

Etkilenen Ürünler:

  • VMware Horizon
  • VMware vCenter Server
  • VMware HCX
  • VMware NSX-T Data Center
  • VMware Unified Access Gateway
  • VMware WorkspaceOne Access
  • VMware Identity Manager
  • VMware vRealize Operations
  • VMware vRealize Operations Cloud (Cloud Proxy)
  • VMware vRealize Automation
  • VMware vRealize Lifecycle Manager
  • VMware Site Recovery Manager, vSphere Replication
  • VMware Carbon Black Cloud Workload Appliance
  • VMware Carbon Black EDR Server
  • VMware Tanzu GemFire
  • VMware Tanzu GemFire for VMs
  • VMware Tanzu Greenplum Platform Extension Framework
  • VMware Greenplum Text
  • VMware Tanzu Operations Manager
  • VMware Tanzu Application Service for VMs
  • VMware Tanzu Kubernetes Grid Integrated Edition
  • VMware Tanzu Observability by Wavefront Nozzle
  • Healthwatch for Tanzu Application Service
  • Spring Cloud Services for VMware Tanzu
  • Spring Cloud Gateway for VMware Tanzu
  • Spring Cloud Gateway for Kubernetes
  • API Portal for VMware Tanzu
  • Single Sign-On for VMware Tanzu Application Service
  • App Metrics
  • VMware vCenter Cloud Gateway
  • VMware vRealize Orchestrator
  • VMware Cloud Foundation
  • VMware Workspace ONE Access Connector
  • VMware Horizon DaaS
  • VMware Horizon Cloud Connector
  • VMware NSX Data Center for vSphere
  • VMware AppDefense Appliance
  • VMware Cloud Director Object Storage Extension
  • VMware Telco Cloud Operations
  • VMware vRealize Log Insight
  • VMware Tanzu Scheduler
  • VMware Smart Assurance NCM
  • VMware Smart Assurance SAM [Service Assurance Manager]
  • VMware Integrated OpenStack
  • VMware vRealize Business for Cloud
  • VMware vRealize Network Insight
  • VMware Cloud Provider Lifecycle Manager
  • VMware SD-WAN VCO
  • VMware NSX Intelligence
  • VMware Horizon Agents Installer
  • VMware Tanzu Observability Proxy
  • VMware Smart Assurance M&R
  • VMware Harbor Container Registry for TKGI
  • VMware vRealize Operations Tenant App for VMware Cloud Director
  • VMware vRealize True Visibility Suite

Important

VMSA-2022-0001.2

VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion
  • VMware Cloud Foundation

Important

VMSA-2021-0027.1

VMware vCenter Server updates address arbitrary file read and SSRF vulnerabilities (CVE-2021-21980, CVE-2021-22049)

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

Critical

VMSA-2022-0004

VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050)

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Cloud Foundation (Cloud Foundation)

Important

VMSA-2022-0005

VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability (CVE-2022-22945)

  • VMware NSX Data Center for vSphere (NSX-V)