All versions of the vCenter Server 6.7 appliance that are prior to vCenter Server 6.7 Update 3u  are affected by the security vulnerabilities listed below:

• CVE-2024-37079
• CVE-2024-37080.

VCF affected Versions : All VCF 3.x versions

The purpose of this article is to provide guidance to upgrade just vCenter Server appliance.

The information contained in this article applies to both VCF on Dell EMC VxRail environments and vSAN Ready Nodes environments.

All the documented security issues are resolved in vCenter Server 6.7 Update 3u

Workaround:

Step 1: Perform below steps on each VMware vCenter Server VM and each External PSC deployed in your VMware Cloud Foundation environment 

1) Powered off concurrent snapshots should be taken of all PSC's and VC's in the SSO domain prior to patching.

2) Apply the VMware vCenter server 6.7U3u patch available at https://support.broadcom.com/web/ecx/solutiondetails?patchId=5440 to all external PSCs and vCenter Servers (Management & VI Domain) in the environment.


STEP 2: Perform below steps on each SDDC Manager VM deployed in your Cloud Foundation environment

1) Download the script attached to the KB postUpgradeRemediation_VCF3x_VC70U3u.py

2) Copy the script to /home/vcf folder in SDDC Manager VM 

3) Login to SDDC Manager using vcf user, su to root 

4) Give execute permissions to the script 

chmod +rwx /home/vcf/postUpgradeRemediation_VCF3x_VC70U3u.py

5) Run the script 

/home/vcf/postUpgradeRemediation_VCF3x_VC70U3u.py

 Script would validate if all your PSC's/VC's are upgraded to target version and exit 

Note:

Every time a new VI workload domain is created, both these steps need to be performed.