AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
![]() Single Sign-On for VMware Tanzu Application Service (1.x).Spring Cloud Gateway for Kubernetes (1.x).Spring Cloud Gateway for VMware Tanzu (1.x).Spring Cloud Services for VMware Tanzu (3.x).Healthware for Tanzu Application Service (2.x, 1.x).VMware Tanzu Observability by Wavefront Nozzle (3.x, 2.x).VMware Tanzu Kubernetes Grid Integrated Edition (1.x).VMware Tanzu Application Service for VMs (2.x).VMware Carbon Black Cloud Workload Appliance (1.x).VMware Telco Cloud Automation (2.x, 1.x). ![]() VMware vRealize Operations Cloud Proxy (Any).VMware Workspace ONE Access (21.x, 20.x).VMware Unified Access Gateway (21.x, 20.x, 3.x).Randori has been in contact with the VMWare team to assist their development of mitigations ![]() Randori has validated exploitability with a working exploit, and anticipate widespread exploitation by threat actors imminently. Similarly to other high-profile vulnerabilities such as Heartbleed and Shellshock, we believe there will be an increasing number of vulnerable products discovered in the weeks to come. The Log4j 2 library is very frequently used in enterprise Java software. ![]() This post will be regularly updated, but f ollow for immediate updates. This is a critical vulnerability and impacted organizations should take immediate action. Randori has been in contact with VMware and is providing relevant information to their teams but will not release proof-of-concept code. The Randori Attack Team can confirm exploitability of VMWare products in live environments ( VMSA-2021-0028) via Log4j (CVE-2021-44228) aka “Log4Shell”. VMware has assigned VMSA-2021-0028 to this issue and has begun to release mitigations. This vulnerability, impacts multiple VMware products.
0 Comments
Read More
Leave a Reply. |