Security


DISA Releases VMware vSphere 6.7 STIG - Version 1, Release 3

Reading time: 3 minutes
On April 22, 2022 the Defense Information Systems Agency (DISA) released the third update to the VMware vSphere 6.7 STIG. Version 1, Release 3 contains minor changes to the VMware vSphere 6.7 Photon OS STIG.

vRealize Automation 7.6 Cumulative Security Update for April 2022 Now Available

Reading time: 2 minutes
On April 21, 2022, VMware released the April 2022 Cumulative Security update for vRealize Automation 7.6 and vRealize Orchestrator 7.6. This update includes patches for various platform components that may be flagged by vulnerability scanners while scanning the virtual appliances. Since this update is cumulative, all previously updated components are included in this release. What’s Included While VMware does not provide detailed release notes for these cumulative security updates, based on the contents of the update script, the following RPM packages will be deployed during the update process:

vRealize Operations Compliance Alerts for the vSphere 6.7 STIG

Reading time: 6 minutes
While I will admit that I’m a little bit behind on this one, I’ve finally put together my vRealize Operations compliance content for the VMware vSphere 6.7 STIG that was released by DISA earlier this year. The VMware vSphere 6.7 STIG release was quite different from the previous releases and includes 12 separate STIGs. Not only are there compliance checks related to Virtual Machines, ESXi hosts, and the vCenter Server application, there are also STIGs for various services that make up the vCenter Server Appliance (VCSA).

Log4j Workaround for vRealize Automation 8 and vRealize Orchestrator 8

Reading time: 3 minutes
VMware has been quite busy providing workarounds for all of their products that are affected by the recent Apache Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. One of the affected products is vRealize Automation 8.0 through 8.6.1. While VMware has stated that these vulnerabilities will be addressed in the future vRealize Automation 8.6.2 and vRealize Orchestrator 8.6.2 releases, they have provided a temporary workaround as detailed in KB87120 for vRealize Automation and vRealize Orchestrator versions 8.

VMSA-2021-0028 - VMware's Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)

Unless you’ve been living under a rock the past couple days, you’ve likely been seeing many articles regarding CVE-2021-44228 which describes a remote code execution vulnerability within Apache Log4j. Apache Log4j is a Java-based logging utility used by many applications across the world, and as such, this vulnerability is a huge issue due to how easy it is to exploit as well as the sheer number of vulnerable devices. Like most companies with Java based applications, many of VMware’s products utilize Log4j to provide application logging capabilities.

1 / 3

Search

Get Notified of Future Posts

Follow Me

Twitter Icon
LinkedIn Icon
RSS Icon

Recent Posts