This article details the frequently asked questions regarding VMSA-2021-0004 in relation to vRealize Operations.

VMware vRealize Operations 8.x
VMware vRealize Operations 8.3.x
VMware vRealize Operations 8.2.x
VMware vRealize Operations 8.1.x
VMware vRealize Operations Manager 7.5.x
VMware vRealize Operations Manager 7.0.x
VMware vRealize Operations 8.0.x

FAQ

Q: Who or what is exposed to this vulnerability?
A:  All customers running an impacted version of vRealize Operations.
 
Q: How do I determine if an installation is vulnerable?
A: Any deployment of vRealize Operations build prior to the Fixed Version (VMSA-2021-0004) is affected. 
     vRealize Operations releases after 8.3 will not be impacted by this vulnerability.
 
Q: What do I need to do to eliminate this vulnerability?
A: VMware recommends that customers on an affected release of vRealize Operations update to the corresponding fixed version in VMSA-2021-0004. 
 
Q: I don't want to or can't patch/upgrade.  Are there other options to remediate?
A: Yes, the corresponding KB article details workaround instructions.  For greater detail, see the corresponding KB articles linked below or in VMSA-2021-0004. 
 
Q: What is the impact of implementing the workaround ?
A: There is no impact.  No functionality will be affected by modifying the XML file as detailed in the KB articles.

Q: Are EoGS versions such as vRealize Operations 6.7 impacted?
A. We cannot publish information on EoS product lines.

For more information, see VMSA-2021-0004.

To get the security patch for vRealize Operations, see the articles below:
vRealize Operations 6.7 and 7.0 Workaround for VMSA-2021-0004 (83287)
vRealize Operations 7.5 Security Patch for VMSA-2021-0004 (82367)
vRealize Operations 8.0.1 Security Patch for VMSA-2021-0004 (83093)
vRealize Operations 8.1.1 Security Patch for VMSA-2021-0004 (83094)
vRealize Operations 8.2 Security Patch for VMSA-2021-0004 (83095)
vRealize Operations 8.3 Security Patch for VMSA-2021-0004 (83210)