Description

Due to vulnerabilities in Log4j library used by vCenter, an unauthenticated attacker can leak sensitive information or execute arbitrary code on the system.

Remediation

Upgrade to the latest version of VMware Horizon

References

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities

Related Vulnerabilities

Remote code execution of user-provided local names in Rails

SAP Hybris Deserialization RCE

Jboss Application Server HTTPServerILServlet.java remote code execution

Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF)

Paperclip gem SSRF (Server side request forgery)

Severity

High

Classification

CVE-2021-44228 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Acumonitor