VMware Aria Automation Orchestrator (formerly vRealize Orchestrator)

Recently, while attempting to change some settings on several instances of vRealize Orchestrator embedded within vRealize Automation 8.8.1 appliances, I found that I could not successfully authenticate to the vRealize Orchestrator Control Center interface. The interface is located at https://[vRA URL]/vco-controlcenter and requires that you provide the “root” user credentials to access it. Although I could authenticate to the virtual appliance consoles using the “root” credentials, I could not successfully authenticate to the vRealize Orchestrator Control Center interface.

VMware vRealize Automation 8.8.1 was released on June 9, 2022. With this release, VMware has provided security updates and new features, including support for the vRealize Automation Extensibility (vREx) Proxy.

VMware has released the latest update to the vRealize Suite, vRealize Automation 8.8, on April 28, 2022. With this release, VMware has provided several enhancements and new features, including support for multi-level approval policies, enhanced custom naming for deployment resources, and support for legacy vRealize Orchestrator workflow presentations within vRealize Automation custom forms.

VMware has released the latest update to the vRealize Suite, vRealize Automation 8.7, on March 22, 2022. With this release, VMware has provided several enhancements and new features, including a next-generation On-Prem ABX Engine, enhancements to vRealize Automation SaltStack Config, additional OS support for SaltStack Config SecOps Compliance, minor UI changes, and several changes related to deployments. What’s New Updates included in vRealize Automation 8.7.0: Next-generation On-Prem ABX Engine - New Function as a Service (FaaS) engine is much faster, fixes numerous issues with memory limits, and introduces memory-based throttling.

Unless you’ve been living under a rock the past couple days, you’ve likely been seeing many articles regarding CVE-2021-44228 which describes a remote code execution vulnerability within Apache Log4j. Apache Log4j is a Java-based logging utility used by many applications across the world, and as such, this vulnerability is a huge issue due to how easy it is to exploit as well as the sheer number of vulnerable devices. Like most companies with Java based applications, many of VMware’s products utilize Log4j to provide application logging capabilities.