QID 376183

Date Published: 2021-12-16

QID 376183: VMware NSX-T Apache Log4j Remote Code Execution (RCE) Vulnerability (VMSA-2021-0028)

VMware NSX-T Data Center provides an agile software-defined infrastructure to build cloud-native application environments.

Affected Versions
VMware NSX-T versions from 2.5.0 to 3.1.3

QID Detection Logic (Authenticated):
The QID checks the vulnerable version of VMware NSX-T.

Note: Patch for this vulnerability is not available yet. We are unable to check the workaround through detection, hence this QID is a Potential Vulnerability.

A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
  • Solution
    Currently, there is no resolution. Please check VMSA-2021-0028 for updates. Workaround:

    Refer to KB87081 for more information.

    CVEs related to QID 376183

    Software Advisories
    Advisory ID Software Component Link