Description

Due to vulnerabilities in Log4j library used by vCenter, an unauthenticated attacker can leak sensitive information or execute arbitrary code on the system.

Remediation

Upgrade to the latest version of VMware Horizon

References

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities

Related Vulnerabilities

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950

WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)

WordPress Plugin Google Drive for WordPress Information Disclosure (2.2)

Jboss Application Server HTTPServerILServlet.java remote code execution

Severity

High

Classification

CVE-2021-44228 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

Acumonitor Code Execution Information Disclosure