vRealize Operations 8.4 Security Patch for VMSA-2021-0018

Products

VMware Aria Suite

Issue/Introduction

The vRealize Operations 8.4 Security Patch is a public Security Patch that addresses the vulnerabilities described in CVE-2021-22022, CVE-2021-22023, CVE-2021-22024, CVE-2021-22025, CVE-2021-22026 and CVE-2021-22027.

Refer to VMSA-2021-0018 for information about the security issues addressed in this update.
In addition, please refer to KB 85407 for a list of Frequently Asked Questions.

Environment

VMware vRealize Operations 8.4.x

Resolution

Download and install the correct Security Patch version that matches your version of vRealize Operations.

Download the vRealize Operations 8.4 Security Patch PAK file from the VMware Patch Portal.

Note: Select vRealize Operations Manager as the Product and select 8.4.0 as the version and click Search.
Select the option below.

Release Name	Release Date	Build Number	File Name
vROps-8.4.0-HF2	8/24/2021	18456797	vRealize_Operations_Manager_ProxyRC-8.4.0-to-8.4.0.18456797.pak

Log in to the primary node vRealize Operations Manager Administrator interface of your cluster at https://master-node-FQDN-or-IP-address/admin.
Click Software Update in the left panel.
Click Install a Software Update in the main panel.
Follow the steps in the wizard to locate and install your PAK file.
Install the product update PAK file.
Wait for the software update to complete. When it does, the Administrator interface logs you out.
Log back into the primary node Administrator interface.
The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
Clear the browser caches and if the browser page does not refresh automatically, refresh the page.
The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.

Note: If a cluster fails and the status changes to offline during the installation process of a PAK file update then some nodes become unavailable. To fix this, you can access the Administrator interface and manually take the cluster offline and click Finish Installation to continue the installation process.
Click Software Update to check that the update is done.
A message indicating that the update completed successfully appears in the main pane.

Once the update is complete delete the snapshots you made before the software update.

Additional Information

After installation, the build number displayed in the UI will be 18456799.

To get this security patch for other versions of vRealize Operations, see the articles below:
vRealize Operations 7.5 Security Patch for VMSA-2021-0018 (85378)
vRealize Operations 8.0.1 Security Patch for VMSA-2021-0018 (85379)
vRealize Operations 8.1.1 Security Patch for VMSA-2021-0018 (85380)
vRealize Operations 8.2 Security Patch for VMSA-2021-0018 (85381)
vRealize Operations 8.3 Security Patch for VMSA-2021-0018 (85382)
vRealize Operations Security Patch for VMSA-2021-0018 in vRealize Suite Lifecycle Manager (85452)

Impact/Risks:
Important:

Take snapshots of each of the vRealize Operations nodes before applying the Security Patch. See How to take a Snapshot of vRealize Operations for more information.
Download and run the attached APUAT-18484177.pak to run the Pre-Upgrade Readiness Assessment Tool for this Security Patch. Follow vRealize Operations Pre-Upgrade Readiness Assessment Tools (67311) for the latest instructions.

Attachments

APUAT-18484177 get_app