Many VMware products use the LOG4J software components which were recently disclosed to have a critical security vulnerability (CVE-2021-44228). This is a serious issue which requires immediate action.
VMware has published a security advisory (VMSA-2021-0028) which details VMware products known to be affected, as well as steps to remediate the issues. This is an on-going situation and updates to this document are expected. Please check back often to ensure you have the latest information.
VMware has also published an FAQ to address any questions.