VMware vRealize Automation 7.6 – Patch 14 Released

Reading time: 4 minutes
It seems like it wasn’t too long ago that I posted that Patch 3 had been released for vRealize Automation 7.6 (technically it was March 2, 2020). Since then, VMware has been quite busy resolving various issues within vRealize Automation 7.6 and have released 11 additional patches as well as 2 cumulative security updates. Patch 14 for vRealize Automation 7.6 was released by VMware on September 22, 2020, and only contains 1 fix related to “Email notifications fail to work properly over time requiring service restarts”.

VMware vRealize Automation 8.1 – Patch 2 Released

Reading time: 3 minutes
On July 24, 2020, VMware released the second patch for vRealize Automation 8.1. Patch 2 including forty-eight fixes for Provisioning, the Service Broker, vRealize CodeStream, Identity, vRealize Orchestrator, and virtual appliance/clustering. The hotfix can be installed using vRealize Suite Lifecycle Manager 8.1. It is recommended to install vRealize Suite Lifecycle Manager 8.1 Patch 1 before installing vRealize Automation 8.1 Patch 2 (8.1.0.9583). For complete details on the items that have been resolved with this hotfix, review the VMware KB article Cumulative Update for vRealize Automation 8.

VMSA-2020-0009: vRealize Operations Authentication Bypass and Directory Traversal Vulnerabilities

Reading time: 2 minutes
I just wanted to provide a quick post to bring attention to the latest VMware Security advisory VMSA-2020-0009. The products affected include: vRealize Operations 7.5.0 vRealize Operations 8.0.x vRealize Operations 8.1.0 If you utilize the vRealize Operations Application Remote Collector (ARC) appliance to monitor operating systems or applications via the Telegraf agents, you should immediately implement the workaround documented in VMware KB79031. While two vulnerabilities were announced, both relating to Salt, an open-source project by SaltStack, the authentication bypass vulnerability (CVE-2020-11651) received a CVSSv3 base score of 10.

Monitoring Devices Using SNMP in vRealize Operations 8.1

Reading time: 15 minutes
VMware’s vRealize Operations is an excellent monitoring, analytics, and self-driving IT operations platform that supports numerous applications and infrastructure systems out of the box. Management packs are available from both VMware and third-parties to extend these out of the box capabilities to a wide variety of additional applications and infrastructure systems. Unfortunately, management packs aren’t available for every hardware device that you might need to monitor. In these situations, monitoring via SNMP might be your only choice.

DISA Releases Updated VMware vSphere 6.5 STIGs – Version 1, Release 4

Reading time: 2 minutes
On April 23, 2020, the Defense Information Systems Agency (DISA) has made available the third update to VMware vSphere 6.5 STIGs originally released in 2019. VMware vSphere 6.5 STIG Version 1, Release 4 includes minor updates to both the ESXi and the vCenter Server STIGs. Per the revision history provided in the updated STIG download, the following changes were made: VMware vSphere 6.5 ESXi STIG V-100543 – Reinstated requirement The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic.

13 / 19

Search

Get Notified of Future Posts

Follow Me

LinkedIn Icon
Twitter/X Icon
Threads Icon
RSS Icon

Recent Posts