In response to the industry-wide critical issue regarding the Open Source Apache Software Foundation log4j Java logging component, VMware HealthAnalyzer has been updated to mitigate the critical vulnerability identified in CVE-2021-4428, CVE-2021-45046 and CVE-2021-45105. These vulnerabilities are a 10/10 and 7.5/10 on the severity scale, and many companies will be urgently patching to address this issue.
Please partner with our customers to protect them from this critical vulnerability.
Required Actions for Customers
- Work with your customers to remove all versions of VMware HealthAnalyzer installs.
- Replace the existing installs with the updated version, which can be found on Partner Connect
Required Actions for Partners
- Partners should check all their corporate devices and personal environments that currently, or have previously, hosted older versions of VMware HealthAnalyzer.
- Remove all prior versions of VMware HealthAnalyzer installs and replace with the updated versions found on Partner Connect
Install and Uninstall Instructions
To uninstall the Java version of HealthAnalyzer, remove the installation folder and all associated files. For virtual appliances, power off, and then remove and delete the VM from the inventory of your chosen hypervisor. Detailed instructions for installing and uninstalling can be found in the installation and user guide.
A new license key will need to be requested and will only be valid for the published version of vHA.
The license key will fail if you try to log in using a previous version.