VMware Aria Operations 8.14 Hot Fix 1
Article ID: 324354
Updated On:
Products
VMware Aria Suite
Issue/Introduction
VMware Aria Operations 8.14 Hot Fix 1 is a public Hot Fix that addresses the following issues:
The following CVEs have been resolved as of version 8.14 Hot Fix 1:
Note: Inclusion of a given CVE in the following table does not imply exploitability of said CVE.
Note: Inclusion of a given CVE in the table above does not imply exploitability of said CVE.
- Dashboard names are missing in the generated report
- [CP] After cluster reboot CP failed to reconnect to cluster
- "Internal Error" when navigating to a resource summary page.
- Disable new repo files coming with PhotonOS-4.0 update
- OpenManage Management Pack fails at validation phase
- Upgrade to 8.14 fails with error "resource key=pak_manager.action_failed, resource args=[run admin first boot scripts]"
- [Notifications] Notification is sent regardless of the "Status" defined in the "Define Criteria" tab
- [App Monitoring] The Ping check configuration not working when Timeout value is not an float 8.14 & Cloud
- vSphere SCG 7u3 and vSphere SCG 8.0 Compliance Symptom Definition for ESXi.set-hyperthread-security-warning is incorrect
- Application Monitoring on upgraded setup is broken
- Custom Script unique parameter check changed in 8.14 release
- Issues with k8s namespace cost and k8s cluster cost
- Host System objects are monitoring with more than one adapter instances
- Modifying adapter instance without giving credential ID
- [App Monitoring] Failed to edit non-unique identifier for telegraf services
- Need to reconfigure "/var/log/messages" file rotation.
- The allocation costs are not published for private cloud clusters when allocation model is enabled.
- Case sensitive comparision of resource kind name fills logs with errors
- SDDC MP is not installed on all Aria Operations nodes
- Open source telegraf should not be configured with CP FQDN when CP configured using static IP
- [What if analysis] Add VM and Remove VM scenario shows cost as 0 for both traditional and hyperconverged scenarios
- Exclude Unicorn firstboot execution during b2b upgrade
- AppOSAdapter going down due to concurrent modification exceptions
- CIS compliance Policy is not getting imported correctly.
- Handle 4 unhandled exceptions seen in AppOSAdapter
- KPI latency metrics for vSAN clusters in vCenter reporting 0
- [Telemetry] SustainabilityConsumer optimized (port from platform scale branch)
- UI shows an internal server error when user tries to fetch component properties for last week, last month, last 6 months and last year.
- Collector group side-details-panel isn't load in case of many CPs configured
- OOM on applicationParserTasks part of AppOSAdapter
- Performance Degradation because of unnecessary DB calls
- vROps collector has high CPU usage
The following CVEs have been resolved as of version 8.14 Hot Fix 1:
Note: Inclusion of a given CVE in the following table does not imply exploitability of said CVE.
| Component | CVE |
|---|---|
| apr-util | CVE-2022-25147 |
| ch.qos.logback:logback-core | CVE-2023-6378 |
| CVE-2023-6481 | |
| chromium | CVE-2023-3727 |
| CVE-2023-4072 | |
| CVE-2023-4073 | |
| CVE-2023-4076 | |
| CVE-2023-4353 | |
| CVE-2023-4354 | |
| CVE-2023-4427 | |
| CVE-2023-4428 | |
| CVE-2023-4429 | |
| CVE-2023-4430 | |
| CVE-2023-4431 | |
| CVE-2023-4572 | |
| CVE-2023-45853 | |
| CVE-2023-4761 | |
| CVE-2023-4762 | |
| CVE-2023-4763 | |
| CVE-2023-4764 | |
| CVE-2023-4863 | |
| CVE-2023-4900 | |
| CVE-2023-4901 | |
| CVE-2023-4902 | |
| CVE-2023-4903 | |
| CVE-2023-4904 | |
| CVE-2023-4905 | |
| CVE-2023-4906 | |
| CVE-2023-4907 | |
| CVE-2023-4908 | |
| CVE-2023-4909 | |
| CVE-2023-5186 | |
| CVE-2023-5187 | |
| CVE-2023-5217 | |
| CVE-2023-5218 | |
| CVE-2023-5346 | |
| CVE-2023-5472 | |
| CVE-2023-5473 | |
| CVE-2023-5474 | |
| CVE-2023-5475 | |
| CVE-2023-5476 | |
| CVE-2023-5477 | |
| CVE-2023-5478 | |
| CVE-2023-5479 | |
| CVE-2023-5480 | |
| CVE-2023-5481 | |
| CVE-2023-5482 | |
| CVE-2023-5483 | |
| CVE-2023-5484 | |
| CVE-2023-5485 | |
| CVE-2023-5486 | |
| CVE-2023-5487 | |
| CVE-2023-5849 | |
| CVE-2023-5850 | |
| CVE-2023-5851 | |
| CVE-2023-5852 | |
| CVE-2023-5853 | |
| CVE-2023-5854 | |
| CVE-2023-5855 | |
| CVE-2023-5856 | |
| CVE-2023-5857 | |
| CVE-2023-5858 | |
| CVE-2023-5859 | |
| CVE-2023-5996 | |
| CVE-2023-5997 | |
| CVE-2023-6112 | |
| CVE-2023-6346 | |
| CVE-2023-6348 | |
| CVE-2023-6512 | |
| golang-runtime | CVE-2023-45287 |
| io.netty:netty-common | CVE-2023-34462 |
| libwebp | CVE-2023-4863 |
| linux_kernel | CVE-2023-45863 |
| CVE-2023-46813 | |
| CVE-2023-5178 | |
| CVE-2023-5717 | |
| CVE-2023-6610 | |
| log4j:log4j | CVE-2019-17571 |
| CVE-2020-9493 | |
| CVE-2022-23302 | |
| CVE-2022-23305 | |
| CVE-2022-23307 | |
| CVE-2023-26464 | |
| org.apache.poi:poi | CVE-2022-26336 |
| org.apache.struts:struts2-core | CVE-2023-34149 |
| CVE-2023-34396 | |
| CVE-2023-41835 | |
|
CVE-2023-50164 Not Exploitable * | |
| org.apache.tiles:tiles-core | CVE-2009-1275 |
| CVE-2023-49735 | |
| org.apache.tomcat:tomcat-util | CVE-2023-42794 |
| org.json:json | CVE-2023-5072 |
| org.springframework:spring-core | CVE-2023-20861 |
| perl | CVE-2023-47100 |
| postgresql | CVE-2020-21469 |
| CVE-2023-39417 | |
| CVE-2023-39418 | |
| CVE-2023-5868 | |
| CVE-2023-5869 | |
| CVE-2023-5870 | |
| vim | CVE-2023-46246 |
| CVE-2023-48231 | |
| CVE-2023-48232 | |
| CVE-2023-48233 | |
| CVE-2023-48234 | |
| CVE-2023-48235 | |
| CVE-2023-48236 | |
| CVE-2023-48237 | |
| CVE-2023-48706 |
Note: Inclusion of a given CVE in the table above does not imply exploitability of said CVE.
Environment
VMware Aria Operations 8.14.x
Resolution
VMware Aria Operations 8.14 Hot Fix 1 can be applied to any 8.14.x environment.
Note: Upgrading from older versions directly to this Hot Fix is not supported. You must upgrade to 8.14.x before applying this Hot Fix.
Important: Take snapshots of each of the VMware Aria Operations nodes before applying the Hot Fix by following How to take a Snapshot of VMware Aria Operations.
- Download the VMware Aria Operations 8.14 Hot Fix 1 PAK file from the Broadcom Support Portal.
Note: You will need to login to the portal first then click the link above in order to allow download of the file.
| Release Name | Release Date | Build Number | UI Build Number | File Name |
| VMware-Aria-Operations-8.14-HF1 | 1/11/2024 | 23069783 | 23069790 | vRealize_Operations_Manager_With_CP-8.10.x-to-8.14.1.23069783.pak |
- Log in to the primary node VMware Aria Operations Administrator interface of your cluster at https://master-node-FQDN-or-IP-address/admin.
- Click Software Update in the left panel.
- Click Install a Software Update in the main panel.
- Follow the steps in the wizard to locate and install your PAK file.
- Install the product update PAK file.
Wait for the software update to complete. When it does, the Administrator interface logs you out. - Log back into the primary node Administrator interface.
The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online button, but do not click it. - Clear the browser caches and if the browser page does not refresh automatically, refresh the page.
The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.
Note: If a cluster fails and the status changes to offline during the installation process of a PAK file update then some nodes become unavailable. To fix this, you can access the Administrator interface and manually take the cluster offline and click Finish Installation to continue the installation process.
- Click Software Update to check that the update is done.
A message indicating that the update completed successfully appears in the main pane.
Once the update is complete delete the snapshots you made before the software update.
Feedback
Yes
No
Powered by
