VMware Aria Operations 8.18 Hot Fix 5
Article ID: 392307
Updated On: 04-03-2025
Products
Issue/Introduction
VMware Aria Operations 8.18 Hot Fix 5 is a public Hot Fix that addresses the following issues:
- Product managed agent installation is failing
- CP status became unhealthy after removing nodes from cluster
- "Network|Total Transmitted Packets Dropped" metric for VMs is missing
- JS error in creation flow of Payload Templates for webhook plugin
- The session is not authenticated issue while calling SPBM API's
- [Diagnostics MP] Add new VMSA rules: VMware ESXi CVE-2025-22224, CVE-2025-22225, CVE-2025-22226, to VMSA-2024-0004
- [Diagnostics MP] Update to VMSA rules: VMware vCenter Server CVE-2024-38812, CVE-2024-38813, to VMSA-2024-0019
- [Diagnostics MP] Add new VMSA rules: VMware Aria automation CVE-2025-22215, to VMSA-2025-0001
This release resolves CVE-2025-22231. For more on this vulnerability and its impact on VMware products, see VMSA-2025-0006.
The following CVEs have been resolved as of version 8.18 HF 5:
|
Component Name |
CVE |
|
7-Zip |
CVE-2016-7804 |
|
CVE-2017-17969 |
|
|
CVE-2018-10115 |
|
|
CVE-2018-10172 |
|
|
CVE-2018-5996 |
|
|
CVE-2022-29072 |
|
|
CVE-2023-31102 |
|
|
CVE-2024-11477 |
|
|
CVE-2025-0411 |
|
|
Bash |
CVE-2019-18276 |
|
GNU C Library |
CVE-2019-25013 |
|
CVE-2020-10029 |
|
|
CVE-2020-1752 |
|
|
CVE-2020-27618 |
|
|
CVE-2020-29562 |
|
|
CVE-2021-27645 |
|
|
CVE-2021-3326 |
|
|
CVE-2021-33574 |
|
|
CVE-2021-38604 |
|
|
CVE-2022-23218 |
|
|
CVE-2022-23219 |
|
|
CVE-2023-4813 |
|
|
RPM |
CVE-2021-3521 |
|
CVE-2021-35937 |
|
|
CVE-2021-35938 |
|
|
CVE-2021-35939 |
|
|
XZ Utils |
CVE-2020-22916 |
|
libexpat |
CVE-2022-43680 |
|
libnsl |
CVE-2023-4527 |
|
CVE-2023-4806 |
|
|
CVE-2023-4813 |
|
|
CVE-2023-4911 |
|
|
libxml2 |
CVE-2022-23308 |
|
CVE-2022-29824 |
|
|
CVE-2022-40303 |
|
|
CVE-2022-40304 |
|
|
lua |
CVE-2022-28805 |
|
CVE-2022-33099 |
|
|
ncurses |
CVE-2021-39537 |
|
CVE-2022-29458 |
|
|
CVE-2023-29491 |
|
|
p7zip |
CVE-2016-9296 |
|
CVE-2017-17969 |
|
|
CVE-2018-5996 |
|
|
CVE-2022-47069 |
|
|
util-linux |
CVE-2021-37600 |
|
CVE-2021-3995 |
|
|
CVE-2021-3996 |
|
|
CVE-2022-0563 |
|
|
vmware/photon |
CVE-2022-22942 |
|
zlib |
CVE-2018-25032 |
Environment
VMware Aria Operations 8.18
Resolution
VMware Aria Operations 8.18 Patch 5 can be applied to any 8.18.x environment.
Note: Upgrading from older versions directly to this Patch is not supported. You must upgrade to 8.18.x before applying this Patch.
Important: Take snapshots of each of the VMware Aria Operations nodes before applying the Patch by following How to take a Snapshot of VMware Aria Operations.
Prerequisites
- Download the patch that matches your environment version from the table below:
| Release Name | Release Date | Build Number | UI Build Number | File Name |
VMware-Aria-Operations-8.18- |
4-1-2025 | 24663027 | 24663033 |
vRealize_Operations_Manager_ |
| vrlcm-vrops-8.18.0-HF5 | 4-1-2025 | 24663027 | vrlcm-vrops-8.18.0-HF5.patch | |
| vrlcm-vrops-8.18.1-HF5 | 4-1-2025 | 24663027 | vrlcm-vrops-8.18.1-HF5.patch | |
| vrlcm-vrops-8.18.2-HF5 | 4-1-2025 | 24663027 | vrlcm-vrops-8.18.2-HF5.patch | |
| vrlcm-vrops-8.18.3-HF5 | 4-1-2025 | 24663027 | vrlcm-vrops-8.18.3-HF5.patch |
Note: You will need to login to the portal first to allow download of the file using the direct links above.
- Ensure you have valid backups or snapshots prior to proceeding with the Procedure below.
Procedure: Manual / Standalone
- Download the VMware Aria Operations 8.18 Hot Fix 5 PAK file from the Broadcom Support Portal.
- Log in to the primary node VMware Aria Operations Administrator interface of your cluster at https://primary-node-FQDN-or-IP-address/admin.
- Click Software Update in the left panel.
- Click Install a Software Update in the main panel.
- Follow the steps in the wizard to locate and install your PAK file.
- Install the product update PAK file.
- Wait for the software update to complete. When it does, the Administrator interface logs you out.
- Log back into the primary node Administrator interface.
- The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
- Clear the browser caches and if the browser page does not refresh automatically, refresh the page.
- The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.
- Click Software Update to check that the update is done.
- A message indicating that the update completed successfully appears in the main panel.
- Once the update has successfully completed, delete the snapshots you made before the software update.
Procedure: VMware Aria Suite Lifecycle 8.x Wrapped Patch for Aria Operations 8.18 HF5
- Download the Aria Suite Lifecycle wrapped patch for the applicable version.
- Follow the instructions in the hyperlink in the procedure title above.
Feedback
