Description

Due to vulnerabilities in Log4j library used by vCenter, an unauthenticated attacker can leak sensitive information or execute arbitrary code on the system.

Remediation

Upgrade to the latest version of VMware vCenter

References

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities

Related Vulnerabilities

ZK Framework AuUploader Information Disclosure (CVE-2022-36537)

Liferay TunnelServlet Deserialization Remote Code Execution

Deserialization of Untrusted Data (Java JSON Deserialization) Genson

WordPress Plugin Find My Blocks Information Disclosure (3.3.2)

DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822

Severity

High

Classification

CVE-2021-44228 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Acumonitor Code Execution Information Disclosure