VMware Aria Operations 8.12

Article ID: 318257

Updated On:

Products

VMware Aria Suite

Issue/Introduction

This article covers the fixes made in VMware Aria Operations 8.12 from previous versions.

This release resolves CVE-2023-20877, CVE-2023-20878, CVE-2023-20879 and CVE-2023-20880.
For more information on the vulnerabilities and their impact on VMware products, see VMSA-2023-0009.

The following issues have been resolved as of Aria Operations 8.12:

  • Arbitrary file read & deserialize RCE after authentication.
  • Post-auth Java bean EL expression injection RCE.
  • Local Privilege Escalation vulnerability in generateSupportBundle
  • Local Privilege Escalation vulnerability in activate_renewed_certificates
  • vcopsgfsh.sh command is not working in 8.1.1
  • "No data" in generated report content.
  • Some issues regarding the Maximum field in the Top-N widget.
  • Issue related to gemfire locator service.
  • [NSX-t MP] Elapsed Collection time is 30 min.
  • Unintended Application Information Accessible by ReadOnly Users.
  • [List View]  User is able to save up to 50 columns of data in list view, but only 50 will be visualized.
  • A warning is needed when the Datacenter becomes unavailable.
  • "Click To View More" does not seem to bring focus to a previously selected item under Output Filter section.
  • After creating a VMC on AWS account, the gettSddcList call takes longer than before.
  • [RabbitMQ] Telegraf agent does not detect the rabbitmq service.
  • Deleted hosts were considered for costing in case of VMC on AWS and VMC-D.
  • [NeedInfo]VsanHostConfigInfo.getVsanEsaEnabled() is always null for ESXi hosts under vSAN ESA Cluster.
  • [REST API] Recreate data publisher REST APIs in the internal APIs and fix old sre data publisher extensions.
  • [App Monitoring] After content upgrade on stopped VM, the agent status is changed to "Agent Running".
  • [App-Monitoring] It is necessary to update OS related telegraf configuration when open_source_telegraf_monitor.ps1 helper script was run on Windows VMs/servers.
  • [CommonJSAction] check for Pendo availability does not take into account empty string.
  • There is a discrepancy in monthly datastore effective aggregated allocated and unallocated cost at datacenter level.
  • Summary tab in Object Browser is empty post MP4H update from 12. to 2.0.
  • [App Monitoring] Configured plugin instances are not shown in Manage Telegraf Agents page when vRealize Operations is upgraded from 8.3 to 8.10.
  • [Service Discovery] "Is Application Member" property update issue.
  • In case of FIPS ON CP can't connect to vRealize Operations through network proxy.
  • What-If: VMC Migration: Memory and disk space allocation values are not set.
  • Compliance benchmark score card not getting installed during pak deployment.
  • Weblogic is wrongly discovered as Oracle DB.
  • [Global Settings] Unable to change retention period via API call for specific Resource Kind.
  • [NSX-T] Logical Switches are not being collected by vRealize Operations.
  • Unit is missing for vc_appliance|root_user_expiration_date property.
  • Changes for vRealize Operations API, which exports workload for VMC migration assessment.
  • [App Monitoring] Telegraf agent version should correspond to vRealize Operations version.
  • Resolve interoperability issues between vCLS and vRealize SDMP.
  • [Collector Group] Only one CP is shown in "Collector Group" page if there are more than one CPs with the same friendly name.
  • Last data point is being rolled up.
  • [Plan][Capacity][What-If] While editing the add host scenario, an "Internal Server Error" appears.
  • [Plan][Capacity][What-If] Unsaved changes will be lost after edit/clone operation.
  • [vRealize Operations Cloud] Get connectivity info fails with NPE.
  • Timestamp template was changed in logs.
  • [Dashboards] Share Dashboard functionality works incorrectly when it's already shared.
  • [Plan][Capacity][Commit] Unsaved changes will be lost after edit/clone operation.
  • Change logo for Azure VMware Solution.
  • There are links in dashboards that are being opened in a new tab, but shouldn't.
  • Content import operation fails from preAdapters script using SuiteAPI client.
  • Generated PDF report does not show all host info although CSV does.
  • Cluster base rate and other metrics are zero for ocvs objects.
  • [Automation Central] WLP schedules should not be editable or possible to create from Automation Central endpoints.
  • [Automation Central] Scope change for Rightsize/Reclaim jobs should not be possible from Automation Central endpoints.
  • [OCVS adapter] Add HCI workload shows hybrid clouds under public clouds section.
  • [AdminUI] Cannot continue vRealize Operations upgrade.
  • Internal Server Error is being thrown while adding license group in the described case.
  • Super Metrics Disappear in 8.10, potentially due to non-existent resource kind.
  • During upgrade fail, Admin UI remains unavailable.
  • [Plan][Capacity] "Scenario is not available" occurred when adding Remove VM committed scenario.
  • [Views] Subject change is not updating preview immediately.
  • "Business Application" untagging issues.
  • [Service Discovery] VMs with Service discovery not existing collection state, shown in the "Manage SDMP Services" grid.
  • Update toolbar old icons.
  • vrops-agent is still using -XX:MaxPermSize, which is deprecated in Java 8.0.
  • [Plan][Capacity] Committed scenarios list is empty.
  • [Plan][Capacity] Using XSS in the Committed scenarios name brings to issue in the complete committed scenario window.
  • Replace vRealize Operations old icons with new clarity icons.
  • [Plan][Capacity][What-if/Commit] Using XSS in a custom datacenter name brings to issue in the tooltip on warning icons in the what-if/committed scenarios page.
  • Dashboards Home menu is still visible although permission "Dashboards Home Page" is not selected.
  • Toolbar icons update.
  • [App Monitoring] Content upgrade of telegraf agent is failing due to missing status_agent attribute.
  • Create new "manage" icon.
  • Update License Keys Grid icons and tooltip.
  • [Plan][Capacity][Commit] Wrong data center is displayed in the saved committed scenarios grid.
  • [App Monitoring] Telegraf agent installation via script is failing on Windows VM where the language is set to French.
  • [Plan][Capacity] Initial selected list is not chosen after the edit operation.
  • [Billing Dashboards] Rename "vRealize Operations Billing Usage by CPU Cores"  to "vRealize Cloud Universal Billing Usage by CPU Cores".
  • "No data to display" is being shown while creating a distribution view using the "vSphere Tag" property.
  • In ops-lite mode, do not send relationship updates for objects that have discovery turned off.
  • Correct "success" icon light theme size.
  • Hyper converged servers are listed under traditional servers.
  • Enhance traversal spec framework to detect cycles brought by Traversal spec expansions.
  • Failed to install telegraf agent manually/UI on Windows with Korean language.
  • [App Monitoring] Opensource telegraf helper script and physical servers helper script execution failed on Linux OS VM.
  • CollectorDown status is not set for all adapter instance resources.
  • [App Monitoring][HA][vRealize Operations Cloud] Install agent API is failing with error "VM with ID <Resource ID> is not connected to any ARC or Cloud Proxy" when install is done with individual CP.
  • vSAN MP uses 'getLatestStats' GET suite API which builds too long URL for passing through CP HA proxy.
  • [Microsoft Azure Adapter Instance] Some objects from MySQL Adapter came out in Azure.
  • [Cloud Accounts] Incorrect mapping between vCenter and vSan adapters.
  • Capacity overview page doesn't show any clusters if there is a cluster in an unknown state.
  • [Views][UI] View name misses special symbols after export-import.
  • Suite-api service on CP isn't coming online.
  • Unable to see saved what-if scenarios.
  • [Billing] Instance metric shows the same value for all objects in "vRealize Operations Billing Usage by CPU Cores" dashboard.
  • [vCenter Adapter] At the Datastore Layer The Consumer Space metric counts shared disk capacity multiple times.
  • Chevron issue of "Select Another Dashboard" in edit dashboard page.
  • Duplicate object collection for Amazon Storage Gateway.
  • [Automation Central] The action name is shown incorrectly after searching, when the action name is written in the brackets.
  • Container item in Object browsers tree opens with delay.
  • [What-If] The Utilized capacity per host calculation is wrong.
  • [Alerts] Internal Server Error on "All Alerts" page.
  • [App Monitoring][HA] User is allowed to install telegraf agent on 2 different VMs of same VC one with standalone CP and another with collector group and adapter is created for the standalone CP as well as all the CPs of the collector group.
  • Memory Sensor hardware alerts not auto-cancelling.
  • Supermetric preview showing incorrect results.
  • Discarded changes are saved for Integrations > Accounts.
  • ARC backups are being created automatically, using disk space and then CP stops running after reaching 100% disk usage.
  • [Public Cloud][Summary Tab] Instances Widget shows "World" object instances, although selected adapter instance.
  • Custom groups group type key should be added to group types get API.
  • Add or update custom group with custom properties using suite API, adds CustomPropery_ prefix on a name of the property.
  • The Summary|Availability % metric value is negative.
  • Add support for VirtualSriovEthernetCard.
  • New sparkline tooltip update.
  • Redundant Quotes in "Appliance|Time Sync Mode" Property Value.
  • VCF cloud account vCenters should have their cloud type identifier VCF cloud.
  • Admin UI AD/LDAP user login is extremely slow.
  • Handle NullPointer Exception when configInfo is null.
  • AWS MP runs post-script on all nodes.
  • Update OracleDB regex when installed under /opt dir and use DSN instead of SID while plugin activation.
  • Buttons in Tab Wizard Component are reordered.
  • NPE is thrown during the collection.
  • [Automation Central][REST API] Possible to create action job with expired start date via POST call.
  • Object icons are not shown in Integration and Object details pages.
  • [What-If] "Add VMs" link navigates to the "Create Workload Planning: Traditional" page.
  • [Content Management] Unable to import from the same vRealize Operations.
  • The Compliance page's load duration significantly worsened.
  • Keepalived service not getting VIP as httpd-south service is not found.
  • Wrong symptoms list when there is no matching by name during filter both in Object Detail and Troubleshooting Workbench symptoms page.
  • [Automation Central] Created Jobs disappear after sorting by "Modified By".
  • Increase vpostgres-repl service timeout to 15 min.
  • Few services are discovered for the regions even when that region is not selected in AI configuration.
  • [What-If] Deficit is not showing in a what-if scenario when the workload does not fit in a data center.
  • Intermittent ClassLoader related NPE in outbound notification flow.
  • For Read-Only users "Committed Scenarios" page is empty.
  • Content Management export completed with the exception in the analytics log.
  • [NSX-T MP] Null pointer Exception in logs.
  • [Reporting] Footer failed to populate date for Portugal locale.
  • [Automation Central] Search filtering is not working from second page.
  • [vCenter Adapter] At the Datastore layer add a property for datastore maintenance mode.
  • Correct confirm window checkbox style and icon color.
  • [NSX-T MP] Update the dashboards.
  • [App Monitoring][HA] After b2b upgrade, the arc operations are failing.
  • [Roles] "Collector Groups Page" and  "Manage Collector Groups" permissions should be moved under "Data Sources->Cloud Proxies" permission.
  • Guest Used Memory metric showing negative.
  • Getting JS error in the "Object Browser > Summary" page.
  • Aria Operations reports showing empty widget for trend view widget inside dashboard.
  • Missing privilege check on the UI side for Collector Group actions.
  • [Workbench] Information message is visible partly.
  • Fix redundant logging during SM calculation when evaluator can't find specified resource.
  • Fix incorrect calculation for embedded SMs.
  • Dark mode text color.
  • [VMware Sovereign Cloud Compliance] View and report generation doesn't work for many VMs.
  • [NSX-T MP] Content issues after Aria Operations Upgrade.
  • Tag Query failure prevents all Tags from Collecting.
  • [App Monitoring] Application services are not displayed on Aria Operations UI on managed telegraf agent page when the installed VM is uninstalled and then installed back via script.
  • VMware Chargeback bills producing inconsistent results.
  • Intermittent issue when parent cluster is not properly set for the vSAN host in Stretched Cluster config.
  • Notification rule Tag filtering not working correctly.
  • Disable vSAN adapter VM performance data collection by default.
  • [App Monitoring] The close button for the plugin activation wizard is not closing the wizard.
  • [NSX-T MP] Update the NSX Direct Alert Recommendations.
  • Unable to create a custom group via API in the described case.
  • The "id" parameter description should be updated in Swagger UI for the described case.
  • Change super metric calculation interval in preview from 5s to 5 min.
  • Platform session gets expired while sending notifications.



The following CVEs have been resolved as of Aria Operations 8.12:

Component Name        CVE
apache                CVE-2023-25690, CVE-2023-27522
bind                  CVE-2022-0396, CVE-2022-3094, CVE-2022-3736, CVE-2022-3924
c3p0                  CVE-2019-5427, CVE-2018-20433
curl                  CVE-2023-23914, CVE-2023-23915
dhcp                  CVE-2019-6470
glibc                 CVE-2023-25139
gnupg                 CVE-2022-3515
gnutls                CVE-2023-0361
haproxy               CVE-2023-25725
jdk-openjdk           CVE-2022-21618, CVE-2022-21628, CVE-2023-21939, CVE-2022-39399, CVE-2022-21619, CVE-2022-21626, CVE-2022-21624, CVE-2023-21835, CVE-2023-21937, CVE-2023-21938, CVE-2023-21930, CVE-2023-21954, CVE-2023-21968, CVE-2023-21967, CVE-2023-21843
jvm-hotspot-openjdk   CVE-2022-39399, CVE-2022-21619, CVE-2022-21626, CVE-2022-21624, CVE-2022-21628
kerberos              CVE-2022-42898
libarchive            CVE-2022-36227
libksba               CVE-2022-3515
linux_kernel          CVE-2022-36280, CVE-2022-3534, CVE-2023-23454, CVE-2019-19319
postgresql            CVE-2021-43767, CVE-2022-41862
python                CVE-2020-10735
rsyslog               CVE-2022-24903
runc                  CVE-2023-25809, CVE-2023-28642
snappy                CVE-2023-28115
spring-beans          CVE-2022-22965
sudo                  CVE-2023-22809
tar                   CVE-2022-48303
tomcat                CVE-2022-34305, CVE-2022-45143
vim                   CVE-2023-0051, CVE-2023-0054, CVE-2023-0049, CVE-2023-0288, CVE-2023-0433, CVE-2022-47024, CVE-2023-0512, CVE-2023-1355, CVE-2023-1127
webkit                CVE-2023-23529



Environment

VMware Aria Operations 8.12.x

Resolution

vRealize Operations 8.12 can be applied to any 8.6.x - 8.10.x environment.

It is recommended to take snapshots following "How to take a Snapshot of vRealize Operations" before upgrading.

  1. Download the Aria Operations 8.12 upgrade PAK file from the Broadcom Support Portal.
  2. Log in to the master node Aria Operations Administrator interface of your cluster at https://master-node-FQDN-or-IP-address/admin.
  3. Click Software Update in the left panel.
  4. Click Install a Software Update in the main panel.
  5. Follow the steps in the wizard to locate and install your PAK file.
  6. Install the product update PAK file.
    Wait for the software update to complete. When it does, the Administrator interface logs you out.
  7. Log back into the master node Administrator interface.
    The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
  8. Clear the browser caches and if the browser page does not refresh automatically, refresh the page.
    The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.
Note: If a cluster fails and the status changes to offline during the installation process of a PAK file update then some nodes become unavailable. To fix this, you can access the Administrator interface and manually take the cluster offline and click Finish Installation to continue the installation process.
  9. Click Software Update to check that the update is done.
    A message indicating that the update completed successfully appears in the main pane.

Additional Information

Once the update is complete, delete the snapshots you made before the software update.