VMware has released security advisories to address security vulnerabilities in multiple products. The first advisory is released for Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046) that impact Vmware products. Full list of impacted Vmware products and fixed versions and workarounds can be found in this advisory – VMSA-2021-0028.

The second advisory describes SSRF vulnerability (CVE-2021-22054) in VMware Workspace ONE UEM console. VMware has evaluated this issue with a CVSSv3 base score of 9.1. A malicious actor may exploit this issue to gain access to sensitive information. Fixes and workarounds for CVE-2021-22054 vulnerability can be found in this advisory – VMSA-2021-0029.

Vmware has also released security updates to address multiple vulnerabilities (CVE-2021-22056, CVE-2021-22057) in VMware Workspace ONE Access, Identity Manager and vRealize Automation – VMSA-2021-0030.