Log4J – What is it?
The Log4j vulnerability, officially designated as CVE-2021-44228, is a critical security flaw found in the Apache Log4j library. This is widely used in Java-based applications for logging functionality. Log4j is a popular logging framework utilized by countless software applications and systems worldwide.
The vulnerability, discovered in December 2021, allows an attacker to execute arbitrary code remotely by exploiting a flaw in Log4j’s handling of certain types of input, particularly within log messages. Because Log4j commonly finds use in web applications, servers, and other software components, the vulnerability presents a significant risk to a wide range of systems and services.
The impact of this vulnerability was severe. If successfully exploited, it has the potential to completely compromise affected systems. This includes unauthorized access, data theft, and potentially even full control over the targeted environment. An attacker could exploit this vulnerability to execute malicious code, escalate privileges, or perform other unauthorized actions. The vulnerability’s impact significantly relies on the specific context in which organizations utilize the vulnerable Log4j library.
Due to the widespread use of Log4j in various software stacks, the vulnerability prompted urgent action from developers, system administrators, and vendors to patch affected systems and mitigate the risk. Many organizations released security updates and patches to address the Log4j vulnerability promptly. Due to the critical nature of this vulnerability, security advisories needed to issue in order to raise awareness and offer guidance on mitigating the risk.
Overall, the Log4j vulnerability underscored the importance of proactive security measures. This included timely patching, and robust vulnerability management practices in ensuring the security and integrity of software systems and infrastructure.
Workaround
Apply the workaround to your VMWare vCenter appliance. This covers vulnerability VMSA-2021-0028, CVE-2021-44228. You will need PuTTY and WinSCP for this.
VMWare KB87088: https://kb.vmware.com/s/article/87088
WinSCP SFTP Settings: shell /usr/libexec/sftp-server (Uncheck allow SFTP Fallback)
PuTTY: shell.set –enabled True