Workaround instructions to address CVE-2021-44228 and CVE-2021-45046 in affected vRealize Operations Management Packs
Article ID: 339868
Updated On:
Products
VMware Aria Suite
Issue/Introduction
CVE-2021-44228 has been determined to impact vRealize Operations 8.0.x - 8.6 via the Apache Log4j open source component it ships. This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA), please review this document before continuing:
- CVE-2021-44228 - VMSA-2021-0028
Management Packs Affected:
- vRealize Operations Aggregator Management Pack 2.0
- vRealize Operations Management Pack for CloudHealth 1.2
- vRealize Operations Management Pack for Google Cloud Platform 1.2
- vRealize Operations Management Pack for Horizon 1.2.1
- vRealize Operations Management Pack for Kubernetes 1.5.2
- vRealize Operations Management Pack for Kubernetes 1.6
- vRealize Operations Management Pack for NSX on vSphere 3.7.1
- vRealize Operations Management Pack for SDDC 8.2
- vRealize Operations Management Pack for SDDC 8.4
- vRealize Operations Management Pack for SDDC 8.6
- vRealize Operations Management Pack for Skyline 2.0.
- vRealize Operations Management Pack for Skyline 2.1
- vRealize Operations Management Pack for SNMP 3.1
- vRealize Operations Management Pack for SNMP 3.2
- vRealize Operations Management Pack for vCloud Director 5.4
- vRealize Operations Management Pack for vCloud Director 5.5
- vRealize Operations Management Pack for vCloud Director 8.6
- vRealize Operations Management Pack for VMware Identity Manager 1.1.1
- vRealize Operations Management Pack for VMware Identity Manager 1.2
- vRealize Operations Management Pack for VMware Identity Manager 1.3
- vRealize Operations Management Pack for VMware Integrated OpenStack 6.1
- vRealize Operations Management Pack for VMware Integrated OpenStack 6.2
- vRealize Operations Management Pack for vRealize Orchestrator 3.2
- vRealize Operations Management Pack for Storage Devices 8.4
- vRealize Operations Tenant App for VMware Cloud 2.4
- vRealize Operations Tenant App for VMware Cloud 2.5
- vRealize Operations Tenant App for VMware Cloud 2.6.1
- vRealize Operations Tenant App for VMware Cloud Director 8.6
Note: Both on-prem and cloud deployments are affected.
vRealize Operations Cloud Deployments:
We have taken the necessary actions to protect your environment from exploitation due to CVE-2021-44228. The vRealize Operations Cloud services have already been patched. Any Cloud Proxy appliances deployed on your local site(s) must have the workaround implemented manually by following the steps in the article.
Environment
VMware vRealize Operations 8.x
Resolution
- Follow the resolution steps in KB 332378 for vRealize Operations.
- Upgrade any installed affected management packs to a fixed version. See the list of fixed management pack versions below, with a link to download it from VMware Downloads.
- vRealize Operations Aggregator Management Pack 2.0.1
- vRealize Operations Management Pack for CloudHealth 1.2.2
- vRealize Operations Management Pack for Google Cloud Platform 1.2.1
- vRealize Operations Management Pack for Horizon 1.2.2
- vRealize Operations Management Pack for Kubernetes 1.5.3
- vRealize Operations Management Pack for Kubernetes 1.6.1
- vRealize Operations Management Pack for NSX on vSphere 3.7.2
- vRealize Operations Management Pack for SDDC 8.2.1
- vRealize Operations Management Pack for SDDC 8.4.1
- vRealize Operations Management Pack for SDDC 8.6.1
- vRealize Operations Management Pack for Skyline 2.0.1
- vRealize Operations Management Pack for Skyline 2.1.1
- vRealize Operations Management Pack for SNMP 3.1.1
- vRealize Operations Management Pack for SNMP 3.2.1
- vRealize Operations Management Pack for vCloud Director 5.4.1
- vRealize Operations Management Pack for vCloud Director 5.5.1
- vRealize Operations Management Pack for vCloud Director 8.6.1
- vRealize Operations Management Pack for VMware Identity Manager 1.1.2
- vRealize Operations Management Pack for VMware Identity Manager 1.2.1
- vRealize Operations Management Pack for VMware Identity Manager 1.3.1
- vRealize Operations Management Pack for VMware Integrated OpenStack 6.1.1
- vRealize Operations Management Pack for VMware Integrated OpenStack 6.2.1
- vRealize Operations Management Pack for vRealize Orchestrator 3.2.1
- vRealize Operations Management Pack for Storage Devices 8.4.1
- vRealize Operations Tenant App for VMware Cloud Director 2.4.1
- vRealize Operations Tenant App for VMware Cloud Director 2.5.1
- vRealize Operations Tenant App for VMware Cloud Director 2.6.2
- vRealize Operations Tenant App for VMware Cloud Director 8.6.2
Additional Information
Change Log:
Impact/Risks:
It is highly recommended to take snapshots of the vRealize Operations nodes following How to take a Snapshot of vRealize Operations.
Note: These snapshots are required if you should have to revert the workaround for any reason.
- April 13th 2021 - 12:11 PM MT: Initial draft
Impact/Risks:
It is highly recommended to take snapshots of the vRealize Operations nodes following How to take a Snapshot of vRealize Operations.
Note: These snapshots are required if you should have to revert the workaround for any reason.
Feedback
Yes
No
Powered by
