This article provides information on Security Patches that resolves Server-side request forgery holes in vRealize Operations.

The vRealize Operations Security Patches is a public Security Patch that resolves Server-side request forgery holes in vRealize Operations.
Refer to the VMSA-2021-0004 for information about the security issues addressed in this update.

For vRealize Operations appliances deployed using vRealize Suite Lifecycle Manager, please follow the below mentioned steps:

• The patches for vRealize Operations Manager will be Generally Available for application via vRealize Suite Lifecycle Manager.
• The patches will be available in both online and offline modes.
  • ONLINE: Customers whose appliances are connected to Internet will receive notifications about the patch and will be able to seamlessly deploy them from vRSLCM.

1. Click on CHECK PATCHES ONLINE  from Settings-> Binary Mapping->Patch Binaries.

2. Verify if vROPS version you want to download Patch is listed, See Settings->Product Support Pack. If the vROPS version is higher than listed vROPS version you need to check for product support pack of vRSLCM.

• OFFLINE: Customers can download the offline patch bundle from Customer Connect patch portal and deploy the patch using vRSLCM. Please select vRealize Suite Life Cycle Manager as the product and vRealize from the drop down. Download the patch file and upload it to vRSLCM.