Recently, while attempting to change some settings on several instances of vRealize Orchestrator embedded within vRealize Automation 8.8.1 appliances, I found that I could not successfully authenticate to the vRealize Orchestrator Control Center interface. The interface is located at https://[vRA URL]/vco-controlcenter and requires that you provide the “root” user credentials to access it. Although I could authenticate to the virtual appliance consoles using the “root” credentials, I could not successfully authenticate to the vRealize Orchestrator Control Center interface.
Recently I began familiarizing myself with VMware vRealize Automation SaltStack Config in my home lab. While I'm still relatively new to the product, I was curious to learn more about the compliance and vulnerability management capabilities provided by the SecOps add-on. In this post, I introduce VMware vRealize Automation SaltStack SecOps and briefly review the various features and functionality provided by the product. In subsequent blog posts, I will give a more in-depth look at vulnerability management and compliance management capabilities.
VMware announced the initial availability (IA) of VMware vSphere 8.0 on October 11, 2022. This new status of “initial availability” follows the new release model that VMware is utilizing for all future vSphere releases. This new release of vSphere is packed with many new features as well as many deprecated features. For a quick overview of what’s new in this release, view the VMware Blog post: Announcing: vSphere 8 Initial Availability.
VMware vRealize Automation 8.8.1 was released on June 9, 2022. With this release, VMware has provided security updates and new features, including support for the vRealize Automation Extensibility (vREx) Proxy.
Hot on the heels of the recent April 2022 VMware critical security advisory VMSA-2022-0011, which addressed eight CVEs within VMware Workspace ONE Access and VMware Identity Manager, VMware has released a new creitical security advisory VMSA-2022-0014. This advisory addresses two new security vulnerabilities (CVE-2022-22972 and CVE-2022-22973) in VMware Workspace ONE Access and VMware Identity Manager, with one rated as critical. Authentication Bypass Vulnerability - CVE-2022-22972 According to VMware, a malicious user with network access to the VMware Workspace ONE Access or VMware Identity Manager user interfaces may be able to obtain administrative access without needing to authenticate.