vRealize Operations 6.7 and 7.0 Workaround for VMSA-2021-0004

Article ID: 342709

Updated On:

Products

VMware Aria Suite

Issue/Introduction

This article provides workaround steps for vRealize Operations 6.7 and 7.0 to address the vulnerabilities described in CVE-2021-21975 and CVE-2021-21983.

Refer to VMSA-2021-0004 for information about the security issues addressed.
In addition, please refer to KB 83265 for a list of Frequently Asked Questions.

Environment

VMware vRealize Operations Manager 7.0.x
VMware vRealize Operations Manager 6.7.x

Resolution

This issue is resolved with Security Patches for vRealize Operations 7.5, 8.0.1, 8.1.1, 8.2, and 8.3. See VMSA-2021-0004 for more information.

Workaround:
The following steps can be taken to work around the issue.
There is no impact to vRealize Operations when applying this workaround.

To work around this issue in vRealize Operations, remove a configuration line from casa-security-context.xml.
  1. Log into the Primary node as root via SSH or Console, pressing ALT+F1 in a Console to log in.
  2. Open /usr/lib/vmware-casa/casa-webapp/webapps/casa/WEB-INF/classes/spring/casa-security-context.xml in a text editor.
  3. Find and remove the line that reads:
     <sec:http pattern="/nodes/thumbprints" security='none'/>
  4. Save and close the file.
  5. Restart the CaSA service:
     service vmware-casa restart
  6. Repeat steps 1-5 on all other nodes in the vRealize Operations cluster.
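
The steps above can be checked and applied per node with a script such as the following. This is an added example, not VMware's code: the function names, the CASA_CTX override and the --apply switch are assumptions, and the regular expression assumes the pattern attribute precedes security, as in the line quoted in step 3.

```shell
#!/bin/sh
# Added example (not VMware code). Path is the one given in step 2;
# CASA_CTX is a hypothetical override so the functions can be tried on a copy.
CASA_CTX="${CASA_CTX:-/usr/lib/vmware-casa/casa-webapp/webapps/casa/WEB-INF/classes/spring/casa-security-context.xml}"

# Regex for the <sec:http> element that exempts /nodes/thumbprints from
# authentication. Accepts either quote style; assumes pattern precedes security.
Q="[\"']"
THUMB_RE="<sec:http[[:space:]][^>]*pattern=${Q}/nodes/thumbprints${Q}[^>]*security=${Q}none${Q}"

# Exit status 0 when the exemption is still present (node not yet mitigated).
casa_is_exposed() {
    grep -Eq "$THUMB_RE" "$1"
}

# Delete the exemption line, keeping a timestamped backup beside the file.
# Idempotent: returns 0 if the line is already gone, 1 on any failure.
casa_remove_exemption() {
    ctx="$1"
    [ -r "$ctx" ] || { echo "cannot read $ctx" >&2; return 1; }
    if ! casa_is_exposed "$ctx"; then
        echo "already mitigated: $ctx"
        return 0
    fi
    bak="$ctx.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$ctx" "$bak" || return 1
    tmp="$ctx.tmp.$$"
    sed -E "\\#${THUMB_RE}#d" "$bak" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are unchanged.
    cat "$tmp" > "$ctx" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    # Verify before reporting success; restore the backup if the line survived.
    if casa_is_exposed "$ctx"; then
        cat "$bak" > "$ctx"
        return 1
    fi
    echo "removed exemption from $ctx (backup: $bak)"
}

# Hypothetical switch: edit the real file, then restart CaSA as in step 5.
if [ "${1:-}" = "--apply" ]; then
    casa_remove_exemption "$CASA_CTX" && service vmware-casa restart
fi
```

Running casa_is_exposed against the file on each node after step 6 confirms that no node in the cluster was missed.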


Additional Information

To get this security patch for other versions of vRealize Operations, see the articles below:
vRealize Operations 7.5 Security Patch for VMSA-2021-0004 (82367)
vRealize Operations 8.0.1 Security Patch for VMSA-2021-0004 (83093)
vRealize Operations 8.1.1 Security Patch for VMSA-2021-0004 (83094)
vRealize Operations 8.2 Security Patch for VMSA-2021-0004 (83095)
vRealize Operations 8.3 Security Patch for VMSA-2021-0004 (83210)

Impact/Risks:
If you upgrade to a later release than the Security Patch versions described in VMSA-2021-0004, the changes in the Security Patch will already be included.