This issue is resolved with Security Patches for vRealize Operations 7.5, 8.0.1, 8.1.1, 8.2, and 8.3. See
VMSA-2021-0004 for more information.
Workaround:
The following steps can be taken to workaround the issue.
There is no impact to vRealize Operations when applying this workaround.
To work around this issue in vRealize Operations, remove a configuration line from
casa-security-context.xml.
- Log into the Primary node as root via SSH or Console, pressing ALT+F1 in a Console to log in.
- Open /usr/lib/vmware-casa/casa-webapp/webapps/casa/WEB-INF/classes/spring/casa-security-context.xml in a text editor.
- Find and remove the line that reads:
<sec:http pattern="/nodes/thumbprints" security='none'/>
- Save and close the file.
- Restart the CaSA service:
service vmware-casa restart
- Repeat steps 1-5 on all other nodes in the vRealize Operations cluster.