Recently I began familiarizing myself with VMware vRealize Automation SaltStack Config in my home lab. While I'm still relatively new to the product, I was curious to learn more about the compliance and vulnerability management capabilities provided by the SecOps add-on. In this post, I introduce VMware vRealize Automation SaltStack SecOps and briefly review the various features and functionality provided by the product. In subsequent blog posts, I will give a more in-depth look at vulnerability management and compliance management capabilities.

VMware announced the initial availability (IA) of VMware vSphere 8.0 on October 11, 2022. This new status of “initial availability” follows the new release model that VMware is utilizing for all future vSphere releases. This new release of vSphere is packed with many new features as well as many deprecated features. For a quick overview of what’s new in this release, view the VMware Blog post: Announcing: vSphere 8 Initial Availability.

VMware vRealize Automation 8.8.1 was released on June 9, 2022. With this release, VMware has provided security updates and new features, including support for the vRealize Automation Extensibility (vREx) Proxy.

Hot on the heels of the recent April 2022 VMware critical security advisory VMSA-2022-0011, which addressed eight CVEs within VMware Workspace ONE Access and VMware Identity Manager, VMware has released a new creitical security advisory VMSA-2022-0014. This advisory addresses two new security vulnerabilities (CVE-2022-22972 and CVE-2022-22973) in VMware Workspace ONE Access and VMware Identity Manager, with one rated as critical. Authentication Bypass Vulnerability - CVE-2022-22972 According to VMware, a malicious user with network access to the VMware Workspace ONE Access or VMware Identity Manager user interfaces may be able to obtain administrative access without needing to authenticate.

One of my work colleagues brought to my attention today an issue in VMware vRealize Suite Lifecycle Manager 8.8.0 to my attention today. While attempting to complete some regular account password changes, he realized that the Password Locker was only returning 10 passwords and stating there were only 10 passwords in the system.