Posts

Showing posts from August, 2021

August pack of things: Security Vulnerabilities, VMware Expert 2021, VMworld 2021, and more

Critical Security Vulnerability Workspace One Access and vRealize Automation VMware has release a security notice VMSA-2021-0016 in regards to Workspace One Access (WOA) i.e VMware Identity Manager (vIDM) with a CVSSv3 base score of 8.6 . It is encourage to apply the patch or workaround as soon as possible. This also applies to vRealize Automation that has embedded vIDM aka WOA. Server Side Request Forgery in vRealize Operations Manager API ( CVE-2021-21975 ) This is impacting vRealize Operations Manager which can be a standalone product, in VMware Cloud Foundation or vCloud Suite and deployed by vRealize Suite Lifecycle Manager. It has a CVSSv3 base score of 8.6 which is highly critical. This allows authenticated user via API to vROps the permission to write files directly locally to the underlying OS, Photon.  VMware vExpert 2021 Second Half Congrats to all new vExpert 2021 from Second Half announcement . It is not easy to have such a big community with everyone contributing without

VMware vSphere License Expiry

Recently recent questions on the impact with license expiry. Especially important when most licensing are going into subscription model. But regardless of the license type, the effect are the same. Let just dive right in. During vSphere 5, I did an article regarding this issue where license expires on vCenter Server. The KB that was describing it has also been removed. The functions are partially working as stated. In fact, in vSphere 5.5, this has been documented . Today with vSphere 7, vCenter Server expiry of license is now shown in the doc . As well for the ESXi Server is documented . It is a now a clear cut that all ESXi hosts will be disconnected which also means no vSphere HA or vSphere DRS will work since this requires the hosts to be managed by vCenter Server. For other solutions, please check the respective documentation of the products to have a better understanding.