CVE-2021-3156 for vRealize Suite Lifecycle Manager (vRSLCM)
search cancel

CVE-2021-3156 for vRealize Suite Lifecycle Manager (vRSLCM)


Article ID: 322696


Updated On:


VMware Aria Suite


The Patch is to address the vulnerability identified against the reported CVE: CVE-2021-3156


VMware vRealize Suite Lifecycle Manager 2.x


Patch Deployment Steps, Change expected and How to confirm Patch has been applied:
  1. Take necessary backup/snapshot of vRSLCM appliance.
  2. Download the RPM package, Click here to download.
  3. ssh to the appliance as root user and copy the RPM to any location.
  4. Run the command "rpm -Uvh sudo-1.9.5-2.ph1.x86_64.rpm"
  5. To check if the version is upgraded: sudo -V

If you encounter issue with Content Management functioning, follow the below steps to fix:
Symptom : Content management UI failing throwing forbidden error
Reason : Some of the internal libraries fail to function properly.

Steps to resolve Content Management functioning Issue:

  1. Take snapshot
  2. Replace blackstone-services-1.3.jar under /opt/vmware/vlcm/extensions with the one attached in this article (blackstone-services-1.3.jar)
  3. Restart service using the command: systemctl restart vrlcm-xserver

Additional Information

CVE-2021-3156 has been determined to affect 2.x releases of vRealize Suite Lifecycle Manager.


blackstone-services-1.3 get_app