Is Identity Manager vApp Affected by CVE-2021-28041?
Identity Manager on vApp
For the 14.3 vApp there is no further OpenSSH upgrade possible due to the limitation of being on the CentOS 6 platform which is has reached end of service.
With the fresh 14.4 vApp running on CentOS 8 Stream, we are shipping version OpenSSH 8.0 which is the latest open OpenSSH version available for CentOS 8 Stream and the CVE-2021-28041 vulnerability was not introduced until version 8.2 so the 14.4 vApp is not impacted
http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/
https://access.redhat.com/security/cve/cve-2021-28041