[Security-announce] VMSA-2021-0028 Updates

VMSA-2021-0028 – VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Please see the updated advisory here: www.vmware.com/security/advisories/VMSA-2021-0028.html
Changelog: 2021-12-20: VMSA-2021-0028.5 Added a note on current CVE-2021-45105 investigations.
“A new vulnerability identified by CVE-2021-45105 has been disclosed by the Apache Software Foundation that impacts log4j releases prior to 2.17 in non-default configurations. Shortly after this announcement VMware began investigating the potential impact of this vulnerability. At the time of this update, we have not found a valid attack vector to exploit CVE-2021-45105 in any VMware products, but investigations will continue. VMware will update log4j to 2.17 in future releases of our products.”
You are receiving this alert because you are subscribed to the VMware Security Announcements mailing list. To modify your subscription or unsubscribe please visit lists.vmware.com/mailman/listinfo/security-announce. —–BEGIN PGP SIGNATURE—–
iF0EARECAB0WIQQATpKvqUhghXJhavw/xTN5GfcH8QUCYcDRjwAKCRA/xTN5GfcH 8ZusAJ9LE0kcG/dWpIPwED+v93EXPYn4XACfcV0e9QWFgNu4mVCrELLuc7mkvLY= =2fII —–END PGP SIGNATURE—– _______________________________________________ Security-announce mailing list Security-announce@lists.vmware.com lists.vmware.com/mailman/listinfo/security-announce