Critical remote code execution vulnerability in Log4j affects VMware Tanzu, vSphere, Site Recovery, Carbon Black, vRealize, and other products

Over the past week, CVE-2021-44228, a critical remote code execution (RCE) vulnerability in Log4j, the logging library used by thousands of online platforms, was reported. The flaw has already been addressed by the Apache Software Foundation, although many users are still unaware of the technical details of this security risk.

This report describes how the vulnerability affects various VMware products, including Tanzu, vSphere, Site Recovery and Carbon Black, along with its identifier and its scores under the Common Vulnerability Scoring System (CVSS).

vSphere Replication: Incorrect input validation when processing LDAP requests in the affected application would allow remote threat actors to send specially crafted requests and execute arbitrary code on the affected system.

Successful exploitation of this vulnerability would result in full compromise of the affected systems, and active exploitation incidents have already been detected.

The flaw received a CVSS score of 9.8/10 and resides in the following vSphere Replication versions: 8.1, 8.1.0.1, 8.1.0.2, 8.1.0.3, 8.1.0.4, 8.1.1, 8.1.2, 8.1.2.3, 8.2, 8.2.0.1, 8.2.0.2, 8.2.1, 8.2.1.1, 8.3, 8.3.0.1, 8.3.0.2, 8.3.1, 8.3.1.1, and 8.3.1.2.

VMware Tanzu Application Service: Incorrect input validation when processing LDAP requests would allow remote malicious hackers to send specially crafted requests to the application and execute arbitrary code on the exposed system. There are already known cases of active exploitation of this vulnerability.

The flaw received a CVSS score of 9.8/10 and resides in the following versions of VMware Tanzu Application Service: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.3.12, 2.3.13, 2.3.14, 2.3.15, 2.3.16, 2.3.17, 2.3.18, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.5.10, 2.5.11, 2.5.12, 2.5.13, 2.5.14, 2.5.15, 2.5.16, 2.5.17, 2.5.18, 2.5.19, 2.5.20, 2.5.21, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.6.18, 2.6.19, 2.6.20, 2.6.21, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.7.10, 2.7.11, 2.7.12, 2.7.15, 2.7.16, 2.7.17, 2.7.18, 2.7.19, 2.7.20, 2.7.21, 2.7.22, 2.7.23, 2.7.24, 2.7.25, 2.7.26, 2.7.27, 2.7.28, 2.7.29, 2.7.30, 2.7.31, 2.7.32, 2.7.33, 2.7.34, 2.7.35, 2.7.36, 2.7.37, 2.7.38, 2.7.39, 2.7.40, 2.7.41, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.8.13, 2.8.14, 2.8.15, 2.8.16, 2.8.17, 2.8.18, 2.8.19, 2.8.20, 2.8.21, 2.8.22, 2.8.23, 2.8.24, 2.8.25, 2.8.26, 2.8.27, 2.8.28, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 2.9.10, 2.9.11, 2.9.12, 2.9.13, 2.9.14, 2.9.15, 2.9.16, 2.9.17, 2.9.18, 2.9.19, 2.9.20, 2.9.21, 2.9.22, 2.9.23, 2.9.24, 2.9.25, 2.9.26, 2.9.27, 2.9.28, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.10.6, 2.10.7, 2.10.8, 2.10.9, 2.10.10, 2.10.11, 2.10.12, 2.10.13, 2.10.14, 2.10.15, 2.10.16, 2.10.17, 2.10.18, 2.10.19, 2.10.20, 2.10.21, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.11.4, 2.11.5, 2.11.6, 2.11.7, 2.11.8, 2.11.9, 2.12.0, 2.12.1 & 2.12.2.

vRealize Log Insight: Incorrect input validation when processing LDAP requests would allow remote threat actors to send a specially crafted request to the affected application and execute arbitrary code. This vulnerability has already been exploited in real scenarios and so far no functional solutions are known.

The flaw received a CVSS score of 9.8/10 and resides in the following vRealize Log Insight versions: 8.2.0, 8.2.0 18430722, 8.3.0, 8.3.0 18430451, 8.4.0, 8.4.1, 8.4.1 18603443 and 8.6.

Carbon Black EDR Server: Incorrect input validation when processing LDAP requests would allow remote hackers to send a specially crafted request to the affected application and execute arbitrary code on the attacked system.

This flaw received a CVSS score of 9.8/10 and resides in all versions of Carbon Black EDR Server prior to v7.6.0.

As you can see, the flaws are critical and have already been exploited in real scenarios, not to mention that so far only one of these issues has been addressed. Users of affected deployments are advised to keep track of any updates announced by the developers of the vulnerable library and to reduce the exposure of their systems as much as possible.
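To find out where the vulnerable library is actually deployed, the following added example (not from the original article, VMware or Apache) walks a directory tree, opens every Java archive including archives nested inside WAR/EAR files, and reports each copy of log4j-core it finds. The function names are hypothetical; it assumes the releases Apache published as fixing CVE-2021-44228 (2.15.0, plus the 2.12.2 and 2.3.1 backports) and treats a copy with `JndiLookup.class` removed as mitigated.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def is_fixed(version):
    """Assumption: fixed releases are 2.15.0+, 2.12.2+ in 2.12.x and 2.3.1+ in 2.3.x."""
    nums = (tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0])) + (0, 0, 0))[:3]
    if nums[:2] == (2, 12):
        return nums >= (2, 12, 2)  # Java 7 backport line
    if nums[:2] == (2, 3):
        return nums >= (2, 3, 1)   # Java 6 backport line
    return nums >= (2, 15, 0)

def scan_archive(data, label, findings):
    """Inspect one archive held in memory, then recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        names = set(zf.namelist())
        has_class = JNDI_CLASS in names
        if has_class or POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            m = re.search(r"^version=(.+)$", props, re.M)
            version = m.group(1).strip() if m else "unknown"  # shaded jars may lack it
            affected = has_class and (version == "unknown" or not is_fixed(version))
            findings.append((label, version, has_class, affected))
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_EXT):
                scan_archive(zf.read(name), f"{label}!/{name}", findings)

def scan_tree(root):
    """Return (path, version, jndi_class_present, affected) for each log4j-core copy."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            scan_archive(path.read_bytes(), str(path), findings)
    return findings

if __name__ == "__main__":
    for row in scan_tree(sys.argv[1]):
        print(row)
```

A copy whose version cannot be read but which still contains the class is reported as affected, so repackaged or shaded jars are not silently passed over.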
