Apache Log4j vulnerability and VMware

Apache Log4j, an open-source logging software used in everything from online games to enterprise software and cloud data centers, has a severe security vulnerability that has security teams all over the world working frantically to correct it.

The internet has been on high alert as hackers increase their efforts to target vulnerable systems, owing to its broad use.

Log4j is widely adopted in both cloud and web applications and what may cause a problem for organizations is that there is not always an awareness that it is in use.

VMware has rated this vulnerability as a 10 out of 10 in the Common Vulnerability Scoring System for all affected VMware products. 

Log4j is used by VMware but can also be used by other vendors and software. If you are affected, this requires immediate action. Since VMware is using Log4j, their products and users are impacted by this. In VMSA-2021-0028 & Log4j: What You Need to Know, you can find more information about the vulnerability related to VMware. 

If you are using VMware and need more information regarding the specific product you may face an issue e with, take a look at Advisory VMSA-2021-0028.2. This post contains both the products that are being affected, as well as potential workarounds and patches. 

OpsLogix and Log4j

The OpsLogix VMware Management Pack does not face this issue as Log4j is not included in our products. A while back, we conducted a survey to find out the areas of the product development of the VMware MP our users were interested in, where "Security & Compliance" were one of several options. 

We continue to work on product improvements and development of our Management Packs, therefore the survey is still available and possible to take part in. This way we can adjust new features and improvements for future versions. 

For any other questions of the impact of the Log4j vulnerability related to your VMware products you'll find them in the VMSA-2021-0028: Questions & Answers.