Plain Virtualization

Early this morning 11th Dec 2021, SGT, VMware has release a security advisory announcement for  VMSA-2021-0028 regarding a critical vulnerability in Apache Log4j identified by CVE-2021-44228 with a CVSSv3 full score rating of 10. Immediately, VMware has worked on several of the affected products that are affected with workaround or patches. As this is a full score rating, we likely to see VMware update workaround at least and release patches in the next few days. Do check back the page to see more updates. Do note that this is not a vulnerability specific to VMware. This is an Apache vulnerability. It is affecting all solutions that uses Apache. So do check out your environment and ensure all solutions used in your environment that do contain Apache Log4j is worked on. A FAQ site is also release for those with questions regarding this. If you are not aware do subscribe to VMware Security Advisory.

Important alert on CVE-2020-4006 as document here which has a maximum CVSSv3 base score of 7.2 which was discovered on 23rd Nov 2020. A workaround was first provided to mitigate this risk now a fix is available. In summary, this vulnerability allows an attacker who have got hold of the configuration admin account for the affected products to execute commands. The configuration admin account password is set during time of deployment. Affected Products: VMware Workspace One Access (Access) VMware Workspace One Access Connector (Access Connector) VMware Identity Manager (vIDM) VMware Identity Manager Connector (vIDM Connector) VMware Cloud Foundation vRealize Suite Lifecycle Manager  If you are using any of the products affected, do take sometime to remediate this as soon as possible.

So the new vSphere 6.0 has release, what is great on one of the functionality is the web client.  It has always be crawling since it was introduced in vSphere 5.0.  In vSphere 6.0, it was promised with great performance improvement and it was great! On day 0 daily operations activity, accessing the VM console is essential and often used.  When you launch the vSphere Web Client, you will be at the login page.  Below you will see the link to download the Client Integration Plug-in as shown below: After installing, you will be able to access the VM console after logging in.  Upon login, you will see the screen below when a VM is selected: Above you see the screenshot taken from Hands-on-Lab.  To access a VM console you will have selected the VM and on the right you will see the above.  Clicking on "Launch Console", will launch the VM console in a new tab\window of your browser.  However this link is invalid!  So how are you going to ...