VMware is also not an exception to Log4j vulnerability and this one has impacted almost all the VMware products mentioned below.This is a pretty long list with more than 30+ products impacted by this vulnerability. Some of them have been patched already while the others are yet to be patched and it can be seen in the VMware advisory given below and impacts have been rated as critical so most probably it would be patched in a day or 2!! Here is the list of VMware products impacted.
- VMware Horizon
- VMware vCenter Server
- VMware HCX
- VMware NSX-T Data Center
- VMware Unified Access Gateway
- VMware WorkspaceOne Access
- VMware Identity Manager
- VMware vRealize Operations
- VMware vRealize Operations Cloud Proxy
- VMware vRealize Log Insight
- VMware vRealize Automation
- VMware vRealize Lifecycle Manager
- VMware Telco Cloud Automation
- VMware Site Recovery Manager, vSphere Replication
- VMware Carbon Black Cloud Workload Appliance
- VMware Carbon Black EDR Server
- VMware Tanzu GemFire
- VMware Tanzu Greenplum
- VMware Tanzu Operations Manager
- VMware Tanzu Application Service for VMs
- VMware Tanzu Kubernetes Grid Integrated Edition
- VMware Tanzu Observability by Wavefront Nozzle
- Healthwatch for Tanzu Application Service
- Spring Cloud Services for VMware Tanzu
- Spring Cloud Gateway for VMware Tanzu
- Spring Cloud Gateway for Kubernetes
- API Portal for VMware Tanzu
- Single Sign-On for VMware Tanzu Application Service
- App Metrics
- VMware vCenter Cloud Gateway
- VMware Tanzu SQL with MySQL for VMs
- VMware vRealize Orchestrator
- VMware Cloud Foundation
- VMware Workspace ONE Access Connector
- VMware Horizon DaaS
- VMware Horizon Cloud Connector
- VMware NSX Data Center for vSphere
- VMware AppDefense Appliance
- (Additional products will be added)
Source: https://www.vmware.com/security/advisories/VMSA-2021-0028.html