CVE-2021-3156 for vRealize Suite Lifecycle Manager (vRSLCM)

Article ID: 322696

Updated On:

Products

VMware Aria Suite

Issue/Introduction

This patch addresses the vulnerability reported as CVE-2021-3156.

Environment

VMware vRealize Suite Lifecycle Manager 2.x

Resolution

Patch deployment steps, expected change, and how to confirm the patch has been applied:
  1. Take the necessary backup/snapshot of the vRSLCM appliance.
  2. Download the RPM package.
  3. SSH to the appliance as the root user and copy the RPM to any location.
  4. Run the command: rpm -Uvh sudo-1.9.5-2.ph1.x86_64.rpm
  5. To check that the version has been upgraded, run: sudo -V
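
To confirm the upgrade from the package database as well, the following added example (not VMware's code) compares the installed sudo package against the build named in step 4. It assumes GNU `sort -V` and the `.phN` dist tag seen in that file name; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that the sudo RPM is at or above the build this
# article ships (sudo-1.9.5-2.ph1.x86_64.rpm). Function names are hypothetical.

PATCHED_VER="1.9.5"   # version from the RPM file name in step 4
PATCHED_REL="2"       # release from the RPM file name in step 4

# Strip the "sudo-" prefix and the ".phN[.arch]" suffix from an
# "rpm -q sudo" style string, leaving "version-release".
nvr_to_vr() {
    printf '%s\n' "$1" | sed -e 's/^sudo-//' -e 's/\.ph[0-9].*$//'
}

# ver_ge A B: true when A >= B in version order (assumes GNU sort -V).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# is_patched PKG: 0 = at or above the article's build, 1 = older,
# 2 = string is not a recognizable sudo package name.
is_patched() {
    vr=$(nvr_to_vr "$1")
    case "$vr" in
        [0-9]*-[0-9]*) ;;
        *) return 2 ;;
    esac
    ver=${vr%-*}
    rel=${vr##*-}
    # Compare version first; fall back to release only when versions match.
    if [ "$ver" = "$PATCHED_VER" ]; then
        ver_ge "$rel" "$PATCHED_REL"
    else
        ver_ge "$ver" "$PATCHED_VER"
    fi
}

# On the appliance: query the RPM database and report the result.
check_appliance() {
    pkg=$(rpm -q sudo 2>/dev/null) || { echo "sudo package not found"; return 2; }
    if is_patched "$pkg"; then echo "OK: $pkg"; else echo "NOT PATCHED: $pkg"; return 1; fi
}

# Constructed sample strings (not captured from a real appliance).
for sample in sudo-1.8.20p2-1.ph1.x86_64 sudo-1.9.5-2.ph1.x86_64; do
    if is_patched "$sample"; then echo "patched: $sample"; else echo "NOT patched: $sample"; fi
done
```

On the appliance itself, call `check_appliance` after step 4; a non-zero exit status means the RPM upgrade did not take effect.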

If you encounter an issue with Content Management after applying the patch, follow the steps below to fix it:
Symptom: The Content Management UI fails with a forbidden error.
Reason: Some of the internal libraries fail to function properly.

Steps to resolve the Content Management issue:

  1. Take a snapshot.
  2. Replace blackstone-services-1.3.jar under /opt/vmware/vlcm/extensions with the one attached to this article (blackstone-services-1.3.jar).
  3. Restart the service using the command: systemctl restart vrlcm-xserver


Additional Information

Impact/Risks:
CVE-2021-3156 has been determined to affect 2.x releases of vRealize Suite Lifecycle Manager.

Attachments

blackstone-services-1.3