VMware Aria Operations 8.12 Hot Fix 5
Article ID: 336695
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
This hot fix resolves CVE-2023-34043.
For more information on this vulnerability and the impact on VMware products, see VMSA-2023-0020.
VMware Aria Operations 8.12 Hot Fix 5 is a public Hot Fix that addresses the following issues:
For more information on this vulnerability and the impact on VMware products, see VMSA-2023-0020.
VMware Aria Operations 8.12 Hot Fix 5 is a public Hot Fix that addresses the following issues:
- Wrong metrics result when selecting a VDC Organization object type in Policies page.
- View is excluding content based on instance break down column.
- Provide "Cost Driver View Page" access to "Adapter" and "Maintenance" internal users.
- [App Monitoring] The remote collector is allowed to select from the "Installing Telegraf Agent" wizard.
- "Power consumption" widget in the sustainability page is not displaying data.
- Fix returning empty ServiceConfigurations() object when no services are discovered in AppOsManager.
- After Alert or Supermetric changes Policy assignment does not stay reverts back to previous option.
- Cloud Proxy Collector obsolete tasks not being deleted properly.
- Cloud Zone Limits Metrics on Project Resource is missing metric updates intermittently.
- Getting Forbidden error when trying to access <IP>/casa/api-guide.html.
| Component | CVE |
|---|---|
| apr | CVE-2022-24963 |
| CVE-2022-28331 | |
| com.sun.jersey:jersey-core | CVE-2014-3643 |
| com.thoughtworks.xstream:xstream | CVE-2022-40151 |
| CVE-2022-40152 | |
| CVE-2022-41966 | |
| commons-fileupload:commons-fileupload | CVE-2023-24998 |
| elfutils | CVE-2021-33294 |
| grub2 | CVE-2021-3697 |
| CVE-2022-28735 | |
| CVE-2022-28736 | |
| haproxy | CVE-2021-39241 |
| CVE-2023-40225 | |
| jdk-liberica | CVE-2023-21930 |
| CVE-2023-21937 | |
| CVE-2023-21938 | |
| CVE-2023-21939 | |
| CVE-2023-21954 | |
| CVE-2023-21967 | |
| CVE-2023-21968 | |
| CVE-2023-22006 | |
| CVE-2023-22036 | |
| CVE-2023-22045 | |
| CVE-2023-22049 | |
| jvm-hotspot-openjdk | CVE-2023-21930 |
| CVE-2023-21937 | |
| CVE-2023-21938 | |
| CVE-2023-21939 | |
| CVE-2023-21954 | |
| CVE-2023-21967 | |
| CVE-2023-21968 | |
| CVE-2023-22006 | |
| CVE-2023-22036 | |
| CVE-2023-22045 | |
| CVE-2023-22049 | |
| kerberos | CVE-2023-36054 |
| libcap | CVE-2023-2602 |
| CVE-2023-2603 | |
| linux_kernel | CVE-2023-1582 |
| CVE-2023-2430 | |
| CVE-2023-3111 | |
| CVE-2023-3338 | |
| CVE-2023-34319 | |
| CVE-2023-3609 | |
| CVE-2023-38427 | |
| CVE-2023-38428 | |
| CVE-2023-4132 | |
| lua | CVE-2020-24370 |
| CVE-2021-44647 | |
| mongoose | CVE-2020-25887 |
| net.minidev:json-smart | CVE-2023-1370 |
| nss | CVE-2019-11729 |
| CVE-2019-11745 | |
| okio | CVE-2023-3635 |
| openldap | CVE-2023-2953 |
| openssh | CVE-2023-38408 |
| openssl | CVE-2018-0735 |
| CVE-2019-1543 | |
| CVE-2019-1549 | |
| CVE-2021-3449 | |
| CVE-2021-3711 | |
| CVE-2021-4160 | |
| CVE-2022-2097 | |
| org.apache.struts:struts2-core | CVE-2023-34149 |
| CVE-2023-34396 | |
| python | CVE-2015-20107 |
| CVE-2022-45061 | |
| CVE-2023-24329 | |
| sqlite3 | CVE-2021-31239 |
| sudo | CVE-2023-28486 |
| CVE-2023-28487 | |
| webkit | CVE-2023-40397 |
Environment
VMware Aria Operations 8.12.x
Resolution
vRealize Operations 8.12 Hot Fix 5 includes all the fixes delivered in Patch Releases/Hot Fixes released prior and can be applied to any 8.12.x environment.
Note: Upgrading from older versions directly to this Hot Fix is not supported. You must upgrade to 8.12.x before applying this Hot Fix.
Important: Take snapshots of each of the VMware Aria Operations nodes before applying the Hot Fix by following How to take a Snapshot of VMware Aria Operations.
- Download the VMware Aria Operations 8.12 Hot Fix 5 PAK file from the VMware Downloading patches, PSPAKs, and hotfixes from Broadcom Support Portal for Aria Suite products.
Note: Select VMware Aria Operations as the Product and select 8.12 as the version and click Search.
Select the option below.
Select the option below.
| Release Name | Release Date | Build Number | UI Build Number | File Name |
|---|---|---|---|---|
| VMware-Aria-Operations-8.12-HF5 | 9/26/2023 | 22482700 | 22481587 | vRealize_Operations_Manager_With_CP-8.x-to-8.12.1.22482700.pak |
- Log in to the primary node VMware Aria Operations Administrator interface of your cluster at https://master-node-FQDN-or-IP-address/admin.
- Click Software Update in the left panel.
- Click Install a Software Update in the main panel.
- Follow the steps in the wizard to locate and install your PAK file.
- Install the product update PAK file.
Wait for the software update to complete. When it does, the Administrator interface logs you out. - Log back into the primary node Administrator interface.
The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online button, but do not click it. - Clear the browser caches and if the browser page does not refresh automatically, refresh the page.
The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.
Note: If a cluster fails and the status changes to offline during the installation process of a PAK file update then some nodes become unavailable. To fix this, you can access the Administrator interface and manually take the cluster offline and click Finish Installation to continue the installation process.
- Click Software Update to check that the update is done.
A message indicating that the update completed successfully appears in the main pane.
Once the update is complete delete the snapshots you made before the software update.
Feedback
Yes
No
Powered by
