VCF Response to VMSA-2023-0005


Article ID: 323219


Updated On:


VMware Cloud Foundation


VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. This has been addressed in the following VMSA:


VMware Cloud Foundation 4.x


To remediate VMSA-2023-0005 in a VMware Cloud Foundation 4.x environment, please upgrade VMware vRealize Orchestrator and/or VMware vRealize Automation to version 8.11.1.
  1. Starting with VCF version 4.4, the SDDC Manager no longer manages the upgrades of vRealize components (even if they were originally deployed via SDDC Manager). Refer to VMware Cloud Foundation 4.4 Release Notes for more details.

  2. If the user is on a version prior to VCF 4.5, first upgrade to VCF 4.5 or higher.

  3. Once on VCF 4.5, upgrade the vRealize Suite Lifecycle Manager in place to version 8.10 or above using the vRSLCM UI. Refer to vRealize Suite Install and Upgrade Paths on VMware Cloud Foundation 4.4 and above for more information on upgrade paths.

  4. Use the vRealize Suite Lifecycle Manager to upgrade vRealize Automation to 8.11.1 or higher.
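
The following is an added example, not part of the original article or any VMware tooling: a small planner that takes operator-supplied version strings and returns which of the steps above are still outstanding. The function names and the sample inventory are assumptions constructed for illustration; versions are compared numerically because a plain string comparison would rank 8.9 above 8.10.

```python
import re

# Thresholds taken from the steps in this article.
MIN_VCF = (4, 5)        # step 2: VCF 4.5 or higher
MIN_VRSLCM = (8, 10)    # step 3: vRSLCM 8.10 or above
FIXED_VRA = (8, 11, 1)  # step 4: vRA / vRO 8.11.1 or higher

def parse_version(text):
    """Turn '8.10' or '8.11.1-12345' into a tuple of ints."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def at_least(version, minimum):
    """Numeric comparison, zero-padded so '8.10' equals '8.10.0'."""
    v = parse_version(version)
    width = max(len(v), len(minimum))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) >= pad(minimum)

def remaining_steps(vcf, vrslcm, vra):
    """Return the outstanding remediation steps, in the article's order."""
    if at_least(vra, FIXED_VRA):
        return []  # already on a fixed release
    steps = []
    if not at_least(vcf, MIN_VCF):
        steps.append("Upgrade VCF to 4.5 or higher")
    if not at_least(vrslcm, MIN_VRSLCM):
        steps.append("Upgrade vRSLCM in place to 8.10 or above")
    steps.append("Use vRSLCM to upgrade vRA to 8.11.1 or higher")
    return steps

# Constructed sample inventory (hypothetical environments, not real data).
SAMPLE_INVENTORY = [
    {"name": "site-a", "vcf": "4.4.1", "vrslcm": "8.6.2", "vra": "8.6.2"},
    {"name": "site-b", "vcf": "4.5", "vrslcm": "8.9", "vra": "8.10.2"},
    {"name": "site-c", "vcf": "4.5.1", "vrslcm": "8.10", "vra": "8.11.1-21234"},
]

if __name__ == "__main__":
    for env in SAMPLE_INVENTORY:
        steps = remaining_steps(env["vcf"], env["vrslcm"], env["vra"])
        print(env["name"], "->", steps or "remediated")
```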