LINK It is not easy to be concise in listing VMware products affected by Log4j. So goto the link above for details.
Tag: log4j
SolarWinds Serv-U Actively being Attacked using Log4j Vulnerability
LINK If you needed more evidence to see how mad log4j could be, here you go.
Log4J Links to Info
MSSPalert has some good content that I wanted to Share for those that are needing Log4j info. Log4j Timeline of Events, Attacks, Advice Patches – LINK Log4j Scanners and Threat Hunters – LINK
ICS Vendors – log4j vulnerability responses
LINK Take a look at the responses from the ICS vendors to get a clue on their log4j vulnerabilities
FTC issues threats to MSPs and MSSPs
LINK The FTC has issued threats to MSPs and MSSPs that if log4j vulnerabilities are not fixed and breaches occur there may be legal actions coming your way.
Log4j Scanners
LINK There are 19 tools, and each has certain stipulations with it. I would suggest take a look.
CISA, FBI, NSA release Log4j Scanner
LINK The government agencies have put out a scanner jointly. Might be useful if you do not have a full fledged vulnerability scanner already.
CISA releases good Information pertaining to the Log4Shell and other Log4J vulnerabilities
LINK Great information to keep up on.
Crowdstrike Produces a Log4J Quick Reference Guide to help
LINK If you need a little help getting up to speed, this may help.
Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released
LINK Just like we needed more on this issue. A second Vulnerability was found and released. Not as devastating as the previous, but with the attention, deal with it all the same. Make sure your version is up to 2.16.0