10 Technology Vendors Affected By The Log4j Vulnerability
Vulnerable Log4j code can be found in products from some of the most prominent technology vendors like Cisco, IBM, and VMware, and as well as one serving the MSP community like ConnectWise and N-able.
The critical Log4j vulnerability may allow for remote code execution in nearly 40 affected VMware products, and the Palo Alto, Calif.-based company said that exploitation attempts in the wild have been confirmed. A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system, according to the company.
Many of the affected products are in the Tanzu, vRealize, Spring Cloud or Carbon Black families. VMware has rolled out a workaround for most of the products where Log4j has been detected, while a patch is available for roughly a third of the impacted products.
“Like other software vendors who use Log4j in their products, VMware found out about this in a zero-day scenario and is now working nonstop to help protect customers and test updates,” VMware wrote in a FAQ.