Manual upgrade of OpenSSH and other RPMs in vCenter Server Appliance to address a commonly known vulnerability (CVE) or weakness (CWE)

Article ID: 417081

Products

VMware vCenter Server

Issue/Introduction

In some situations, a vulnerability (CVE) or weakness (CWE) is identified in a specific component or package within the vCenter Server Appliance. This creates a requirement to upgrade that component or package to a version in which the vulnerability or weakness has been addressed.

Environment

VMware vCenter Server
VMware Cloud Foundation

Resolution

  1. VMware by Broadcom does not support any manual or explicit modifications to the underlying operating system components and packages inside the vCenter Server appliance.

  2. This includes explicitly upgrading, updating, or removing any component or package within the appliance.

  3. To address a vulnerability or weakness that is specific to a version of the affected component, it is recommended to upgrade the appliance itself so as to pick up the upgraded components that ship as part of the operating system package. Broadcom releases a patch or a fixed version of the appliance to address any and every security issue identified, provided that the appliance as a product is still supported.

  4. Updating or changing components explicitly, contrary to the recommended approach, may result in unexpected system behavior, because those changes may not have been thoroughly tested and validated by Broadcom Engineering.

Additional Information

VMware vCenter Server Photon OS Security Patches