CVE-2016-2017 OpenSSL vulnerability and vRealize Operations Manager
search cancel

CVE-2016-2017 OpenSSL vulnerability and vRealize Operations Manager

book

Article ID: 342706

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
Security scans show that the vRealize operations manager virtual machine contain a version of OpenSSL that is vulnerable to the issues described by CVE-2016-2017.

Environment

VMware vRealize Operations Manager 6.4.x
VMware vRealize Operations Manager 6.3.x

Resolution

Security scans pick up a version (0.9.8j-fips) of OpenSSL that comes bundled with the Base Operating System of vRealize Operations Appliance.

This vulnerability does not affect the vRealize Operations Manager Appliance, as the Appliance uses an updated version (1.0.2j-fips).
Run this command to find the version of openssl in the vRealize Operations Manager appliance:
/usr/lib/vmware-vcopssuite/openssl/bin/openssl version


Additional Information

For more information, see SUSE offical site.