All versions of the vCenter Server 6.7 appliance that are prior to vCenter Server 6.7 Update 3w  are affected by the security vulnerabilities listed below:

VMSA-2024-0019.2 - CVE-2024-38812

VCF affected Versions : All VCF 3.x versions

The purpose of this article is to provide guidance to upgrade just vCenter Server appliance.

The information contained in this article applies to both VCF on Dell EMC VxRail environments and vSAN Ready Nodes environments.

All the documented security issues are resolved in vCenter Server 6.7 Update 3w

Workaround:

Step 1: Perform below steps on each VMware vCenter Server VM and each External PSC deployed in your VMware Cloud Foundation environment

1) Powered off concurrent snapshots should be taken of all PSC's and VC's in the SSO domain prior to patching.

2) Apply the VMware vCenter server 6.7U3w patch available here to all external PSCs and vCenter Servers (Management & VI Domain) in the environment.

Step 2: Perform below steps on each SDDC Manager VM deployed in your Cloud Foundation environment

1) Download the script attached to the KB postUpgradeRemediation_VCF3x_VC70U3w.py

2) Copy the script to /home/vcf folder in SDDC Manager VM

3) Login to SDDC Manager using vcf user, su to root

4) Give execute permissions to the script

chmod +rwx /home/vcf/postUpgradeRemediation_VCF3x_VC70U3w.py

5) Run the script

/home/vcf/postUpgradeRemediation_VCF3x_VC70U3w.py

The script will validate if all your PSCs and VCs are upgraded to target version, and perform the required configuration within SDDC Manager.

Note:

Every time a new VI workload domain is created, both these steps need to be performed.