VM ACCESS PROXY - LOG4J2.XML library version used is exposed to VULNERABILITY (CVE-2021-44228)
VM Access Proxy
 
Snow Software provided guidance regarding the Log4j vulnerability (CVE-2021-44228) on 15th December 2021 and 16th December 2021 based on recommendations from the Apache Software Foundation. This KB includes updated guidance (21 December 2021) based on a new Log4j vulnerability (CVE-2021-45105).
Flaws in Log4j, a key Java logging framework developed by the open-source Apache Software Foundation, are the most high-profile security vulnerabilities on the internet right now. The two Log4j vulnerabilities reported by cve.mitre.org are as follows:
- CVE-2021-44228 comes with a severity score of 10 out of 10. Snow Software, with many other companies across the globe, became aware of this vulnerability on Friday, December 10, 2021. In response, on 20 December 2021, Snow Software released Commander 8.10.0/8.10.1 and VM Access Proxy 3.6, versions that include Log4j 2.16.0, which the Apache Software Foundation reported as addressing CVE-2021-44228.
- CVE-2021-45105 comes with a severity score of 7.5 out of 10. Regretfully, Snow Software became aware of this flaw after releasing Commander 8.10.0/8.10.1 and VM Access Proxy 3.6. 
Affected Versions and Recommendations
- Affected versions:  VM Access Proxy 3.4 through VM Access Proxy 3.6
- CVE record(s): CVE-2021-44228 and CVE-2021-45105
- Snow recommendation: Customers should upgrade to VM Access Proxy 3.7 at the earliest opportunity. This version contains Log4j 2.17.0, which the Apache Software Foundation states will address CVE-2021-45105.