List of Nutanix Products affected by Log4j Vulnerability

Nutanix the American Cloud Company has been also affected by the Log4j vulnerability. They have come out with advisory about which products are vulnerable. Some of the Cloud services are vulnerable and the Nutanix Team has already patched and updated with WAF to prevent exploitation of the Vulnerability

Nutanix ProductVersionsStatusPatched?
AHVAll VersionsNot VulnerableNot Needed
AOS (Community Edition) All Versions Not VulnerableNot Needed
AOS (LTS) All Versions Not VulnerableNot Needed
AOS (STS) All VersionsVulnerablePatched
BeamSaaSVulnerablePatched
Beam GovSaas Vulnerable Patched
CalmOn-Prem VulnerablePatched
CalmSaaS Not Vulnerable Not Needed
Collector PortalSaaS Vulnerable Patched
CollectorAll Not Vulnerable Not Needed
Data LensSaaS Not Vulnerable Not Needed
Era All Versions Not Vulnerable Not Needed
File Analytics All Versions Vulnerable Patched
Files All Versions Not Vulnerable Not Needed
Flow All Versions Not Vulnerable Not Needed
Flow Security CentralSaaS Vulnerable Patched
Foundation All Versions Not Vulnerable Not Needed
Frame GovSaaS Vulnerable Patched
FrameSaaS Public Vulnerable Patched
FSCVMAll versions Investigation Not Needed
InsightsSaaS Not Vulnerable Not Needed
KarbonOn-PremInvestigation Mitigation
Karbon Platform ServiceSaaS Vulnerable Patched
LCM All Versions Not Vulnerable Not Needed
LeapSaaS Vulnerable Patched
Mine All Versions Vulnerable Mitigation
Move All Versions Not Vulnerable Not Needed
MSP All VersionsInvestigation Mitigation
NCC All Versions Not Vulnerable Not Needed
Objects All VersionsInvestigation Mitigation
Prism Central All VersionsVulnerable Patched
Sizer SaaSFix Patched
Volumes All VersionsNot Vulnerable Not Needed
Witness VM All VersionsVulnerable Mitigation
X-Ray All VersionsNot Vulnerable Not Needed
Source: https://download.nutanix.com/alerts/Security_Advisory_0023.pdf

For some of the affected products, only Mitigation is available as of now and the patch is still pending from Nutanix side.

Scroll to Top