Description

Due to vulnerabilities in Log4j library used by vCenter, an unauthenticated attacker can leak sensitive information or execute arbitrary code on the system.

Remediation

Upgrade to the latest version of VMware Horizon

References

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities

Related Vulnerabilities

WordPress W3 Total Cache plugin predictable cache filenames

WordPress Plugin File Gallery Remote Code Execution (1.7.9)

JavaMelody XML External Entity (XXE) vulnerability

Remote code execution of user-provided local names in Rails

Apache Struts2 Remote Command Execution (S2-053)

Severity

High

Classification

CVE-2021-44228 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

Acumonitor Code Execution Information Disclosure