vRealize Operations 8.5 Hot Fix 5

Article ID: 337303


Products

VMware Aria Suite

Issue/Introduction

vRealize Operations 8.5 Hot Fix 5 is a public Hot Fix that addresses the following issues:
  • Apache log4j has been updated to version 2.16 to resolve CVE-2021-44228 and CVE-2021-45046.
    Note: For more information on these vulnerabilities and their impact on VMware products, please see VMSA-2021-0028.
  • SSRF in Apache httpd (CVE-2021-40438) in vRealize Operations
    • Updates Apache httpd to address CVE-2021-40438. VMware would like to thank stea9 and Ry for alerting us to this CVE.


Environment

VMware vRealize Operations 8.5.x

Resolution

vRealize Operations 8.5 Hot Fix 5 can be applied to any 8.5 environment.
Note: Upgrading from older versions directly to this Hot Fix is not supported.  You must upgrade to 8.5 before applying this Hot Fix.

Important: Take snapshots of each of the vRealize Operations nodes before applying the Hot Fix by following How to take a Snapshot of vRealize Operations.

  1. Download the vRealize Operations 8.5 Hot Fix 5 PAK file from the Broadcom Support Portal.
     Note: You must log in to the portal first, then click the link above to be able to download the file.

| Release Name | Release Date | Build Number | File Name |
|---|---|---|---|
| vROps-8.5.0-HF5 | 1/03/2022 | 19111608 | vRealize_Operations_Manager_HF-8.5.0-to-8.5.0.19111608.pak |

  2. Log in to the primary node vRealize Operations Manager Administrator interface of your cluster at https://master-node-FQDN-or-IP-address/admin.
  3. Click Software Update in the left panel.
  4. Click Install a Software Update in the main panel.
  5. Follow the steps in the wizard to locate and install your PAK file.
  6. Install the product update PAK file.
    Wait for the software update to complete. When it does, the Administrator interface logs you out.
  7. Log back into the primary node Administrator interface.
    The main Cluster Status page appears and the cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
  8. Clear the browser caches and, if the browser page does not refresh automatically, refresh the page.
    The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.

    Note: If a cluster fails and its status changes to offline while a PAK file update is being installed, some nodes become unavailable. To fix this, access the Administrator interface, manually take the cluster offline, and click Finish Installation to continue the installation process.

  9. Click Software Update to check that the update is done.
    A message indicating that the update completed successfully appears in the main pane.

Once the update is complete, delete the snapshots you made before the software update.

Additional Information

Impact/Risks:
Take snapshots of each of the vRealize Operations nodes before applying the Hot Fix.
See How to take a Snapshot of vRealize Operations for more information.

Note: This Hot Fix is not applicable to non-native and Third Party Management Packs. Non-native and Third Party Management Packs should be upgraded to safe versions. Failure to do so could leave vRealize Operations vulnerable, because these management packs introduce the security risk.
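
Because the Hot Fix raises log4j to 2.16 but does not cover management packs, a file-name scan for older log4j-core jars is one way to spot leftovers. The script below is an added example, not VMware code; the function names, the operator-supplied directory and the standard Maven jar naming (log4j-core-<version>.jar) are assumptions.

```shell
#!/bin/sh
# Added example, not VMware code. Flags log4j-core jars older than the 2.16
# baseline this Hot Fix moves to. Assumptions: jars use the standard Maven file
# name log4j-core-<version>.jar, and the operator supplies the directory to scan
# (no product path is assumed). Jars nested in other archives are not inspected.
BASE_MAJOR=2
BASE_MINOR=16

# below_baseline VERSION: 0 = older than baseline, 1 = at or above, 2 = unparsable
below_baseline() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}          # digits before any ".patch" or "-qualifier"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -lt "$BASE_MAJOR" ] && return 0
    [ "$major" -eq "$BASE_MAJOR" ] && [ "$minor" -lt "$BASE_MINOR" ] && return 0
    return 1
}

# scan_log4j DIR: print "<OUTDATED|OK|UNKNOWN> <version> <path>" per jar found.
# Returns 1 if any jar is OUTDATED or UNKNOWN, otherwise 0.
scan_log4j() {
    _rc=0
    _list=$(find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null | sort)
    while IFS= read -r _jar; do
        [ -n "$_jar" ] || continue
        _ver=${_jar##*/}            # strip directories
        _ver=${_ver#log4j-core-}    # strip artifact prefix
        _ver=${_ver%.jar}           # strip extension
        _r=0
        below_baseline "$_ver" || _r=$?
        case $_r in
            0) _label=OUTDATED; _rc=1 ;;
            1) _label=OK ;;
            *) _label=UNKNOWN; _rc=1 ;;
        esac
        printf '%s %s %s\n' "$_label" "$_ver" "$_jar"
    done <<EOF
$_list
EOF
    return $_rc
}
```

Source the file and call `scan_log4j` with the directory to inspect; a non-zero return means at least one jar needs review.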