CVE-2021-20232 for vRealize Suite Lifecycle Manager
search cancel

CVE-2021-20232 for vRealize Suite Lifecycle Manager

book

Article ID: 322702

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

The Patch is to address the vulnerability identified against the reported CVE: CVE-2021-20232

Environment

VMware vRealize Suite Lifecycle Manager 8.x

Resolution

Below steps are to address the vulnerability identified against the reported CVE: CVE-2021-20232

Patch Deployment Steps, Change expected and How to confirm Patch has been applied:

  1. Take necessary backup/snapshot of vRSLCM appliance.
  2. Download the RPM package from location below.
  3. ssh to the appliance as root user and copy the RPM to any location.
  4. Check gnutls version before updating the package using: "rpm -qa | grep gnutls" This should return: gnutls-3.6.15-2.ph3.x86_64
  5. Run the command "rpm -Uvh gnutls-3.6.15-3.ph3.x86_64.rpm" from the location where RPM has been downloaded.
  6. After update is completed, check gnutls version again using: "rpm -qa | grep gnutls" This should return: gnutls-3.6.15-3.ph3.x86_64

To Download Patches:

Download the rpm from https://packages.vmware.com/photon/3.0/photon_updates_3.0_x86_64/x86_64/gnutls-3.6.15-3.ph3.x86_64.rpm


Additional Information

Impact/Risks:
CVE-2021-20232 has been determined to affect 8.4.1 release of vRealize Suite Lifecycle Manager.

Powered by Wolken Software