vRealize Operations 8.2 Security Patch for VMSA-2021-0004
search cancel

vRealize Operations 8.2 Security Patch for VMSA-2021-0004


Article ID: 315919


Updated On:


VMware Aria Suite


The vRealize Operations 8.2 Security Patch is a public Security Patch that addresses the vulnerabilities described in CVE-2021-21975 and CVE-2021-21983

Refer to VMSA-2021-0004 for information about the security issues addressed in this update.
In addition, please refer to KB 83265 for a list of Frequently Asked Questions.


VMware vRealize Operations 8.2.x


Note: The hotfixes previously mentioned in this advisory were found to only have partially resolved CVE-2021-21975 leaving a residual risk of moderate severity (CVSS = 4.3).  Hotfixes created to resolve the vulnerabilities documented in VMSA-2021-0018 also include complete fixes for CVE-2021-21975.

If the patch cannot be installed, or there is no patch for your version of vRealize Operations, the following steps can be taken to workaround the issue.  There is no impact to vRealize Operations when applying this workaround.

To work around this issue in vRealize Operations 8.2, remove a configuration line from casa-security-context.xml.
  1. Log into the Primary node as root via SSH or Console, pressing ALT+F1 in a Console to log in.
  2. Open /usr/lib/vmware-casa/casa-webapp/webapps/casa/WEB-INF/classes/spring/casa-security-context.xml in a text editor.
  3. Find and remove the line that reads:
<sec:http pattern="/nodes/thumbprints" security='none'/>
  1. Save and close the file.
  2. Restart the CaSA service:
service vmware-casa restart
  1. Repeat steps 1-5 on all other nodes in the vRealize Operations cluster.

Additional Information

After installation, the build number displayed in the UI will be 17771780.

To get this security patch for other versions of vRealize Operations, see the articles below:
vRealize Operations 6.7 and 7.0 Workaround for VMSA-2021-0004 (83287)
vRealize Operations 7.5 Security Patch for VMSA-2021-0004 (82367)
vRealize Operations 8.0.1 Security Patch for VMSA-2021-0004 (83093)
vRealize Operations 8.1.1 Security Patch for VMSA-2021-0004 (83094)
vRealize Operations 8.3 Security Patch for VMSA-2021-0004 (83210)

If you upgrade to a later release, the changes in the Security Patch will already be included.