VMware released VMSA-2021-0028 to track the impact of an Apache Software Foundation security advisory for its extremely popular Log4j Java logging component on VMware products and services. These advisories outline critical remote code execution vulnerabilities in the Log4j component, scoring 10 out of 10 on the Common Vulnerability Scoring System (CVSS) for all affected VMware products.
This update needs your immediate attention because the Log4j component is used by many vendors and software packages: not just in VMware products, but also in all other software in your environment. The updated advisory means that all systems should be reevaluated. Threat intelligence experts across the industry are observing active attacks based on these vulnerabilities, especially against workloads accessible from the Internet.
What is Log4j?
Log4j is an open-source logging framework that developers use to record actions and activities within their applications. It is used by platforms such as Minecraft, VMware, Elasticsearch, Apple, Cloudflare, Amazon Web Services, and Tesla, along with various Apache platforms such as Struts, Druid, ActiveMQ, Flume, Hadoop and Kafka, among many others.
Take a look at the following website to check whether patches have already been released. Remember, all VMware products are affected and this vulnerability has a rating of 10 out of 10.