denpiero08, Author at ilerpong.com

VMSA-2025-0008 | VMware Aria Automation

By Lerpong Intaraworrapath | May 16th, 2025

VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25711

Advisory ID:	VMSA-2025-0008
Advisory Severity:	Important
CVSSv3 Range:	8.2
Synopsis:	VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
Issue date:	2025-05-12
Updated on:	2025-05-12 (Initial Advisory)
CVE(s)	CVE-2025-22249

Impacted Products:

VMware Aria Automation
VMware Cloud Foundation
VMware Telco Cloud Platform

Introduction:

A DOM based Cross-Site Scripting (XSS) vulnerability in VMware Aria Automation was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

DOM based Cross-site scripting(XSS) vulnerability (CVE-2025-22249)

Description:

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.2.

Know Attack Vectors:

A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.

Resolution:

To remediate CVE-2025-22249, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Workarounds:

None.

Additional Documentation:

None.

Acknowledgements:

VMware would like to thank Bartosz Reginiak for reporting this issue to us.

Notes:

None.

Response Matrix:

Product	Version	Running On	CVE	CVSSv3	Severity	Fixed Version	Workarounds	Addition Documents
VMware Aria Automation	8.18.x	Any	CVE-2025-22249	8.2	Important	8.18.1 patch 2	None	None
VMware Cloud Foundation	5.x, 4.x	Any	CVE-2025-22249	8.2	Important	KB394224	None	None
VMware Telco Cloud Platform	5.x	Any	CVE-2025-22249	8.2	Important	8.18.1 patch 2	None	None

References:

Fixed Version(s) and Release Notes:
Downloads and Documentation

Additional Documentation:

None.

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22249

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Change Log:

2025-05-12: VMSA-2025-0008
Initial security advisory.

Noted:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25711

VMware Cloud Foundation 5.2.1 Poster

By Lerpong Intaraworrapath | 10th April 2025

VMware Cloud Foundation 5.2.1 Poster

https://www.vmware.com/docs/vmw-vcf-5-2-1-poster

VMSA-2025-0006 | VMware Aria Operations

By Lerpong Intaraworrapath | April 2nd, 2025

VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541

Advisory ID:	VMSA-2025-0006
Advisory Severity:	Important
CVSSv3 Range:	7.8
Synopsis:	VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
Issue date:	2025-04-01
Updated on:	2025-04-01 (Initial Advisory)
CVE(s)	CVE-2025-22231

Impacted Products:

VMware Aria Operations
VMware Cloud Foundation
VMware Telco Cloud Platform
VMware Telco Cloud Infrastructure

Introduction:

A local privilege escalation vulnerability in VMware Aria Operations was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

Local Privilege escalation vulnerability (CVE-2025-22231)

Description:

VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

Known Attack Vectors:

A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.

Resolution:

To remediate CVE-2025-22231 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds:

None.

Additional Documentation:

None.

Acknowledgements:

VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.

Notes:

None.

Response Matrix:

Product	Version	Running On	CVE	CVSSv3	Severity	Fixed Version	Workarounds	Addition Documents
VMware Aria Operations	8.x	Any	CVE-2025-22231	7.8	Important	8.18 HF 5	None	None
VMware Cloud Foundation	5.x, 4.x	Any	CVE-2025-22231	7.8	Important	KB article	None	None
VMware Telco Cloud Platform	5.x, 4.x, 3.x	Any	CVE-2025-22231	7.8	Important	8.18 HF 5	None	None
VMware Telco Cloud Infrastructure	3.x, 2.x	Any	CVE-2025-22231	7.8	Important	8.18 HF 5	None	None

References:

Fixed Version(s) and Release Notes:
Downloads and Documentation

Additional Documentation:

None.

Mitre CVE Dictionary Links:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Change Log:

2025-04-01: VMSA-2025-0006
Initial security advisory.

Noted:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541

VMSA-2025-0002 | VMware Avi Load Balancer

By Lerpong Intaraworrapath | March 18th, 2025

VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346

Advisory ID:	VMSA-2025-0002
Severity:	Important
CVSSv3 Range:	8.6
Synopsis:	VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
Issue date:	2025-01-28
Updated on:	2025-01-28 (Initial Advisory)
CVE(s)	CVE-2025-22217

Impacted Products:

VMware Avi Load Balancer

Introduction:

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

Description:

VMware AVI Load Balancer contains an unauthenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.

Know Attack Vectors:

A malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Resolution:

To remediate CVE-2025-22217 apply the patches to the Avi Controller listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Response Matrix:

Product	Version	Running On	CVE	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documents
VMware Avi Load Balancer	30.1.1	Any	CVE-2025-22217	8.6	Important	30.1.2-2p2	None	None
VMware Avi Load Balancer	30.1.2	Any	CVE-2025-22217	8.6	Important	30.1.2-2p2	None	None
VMware Avi Load Balancer	30.2.1	Any	CVE-2025-22217	8.6	Important	30.2.1-2p5	None	None
VMware Avi Load Balancer	30.2.2	Any	CVE-2025-22217	8.6	Important	30.2.2-2p2	None	None

References:

Fixed Version(s) and Release Notes:

30.1.1/30.1.2
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html

30.2.1
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html

30.2.2
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html

Additional Documentation:

Version 22.x and 21.x are not vulnerable.
Version 30.1.1 must be upgraded to 30.1.2 or later before the patch can be applied.

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22217

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Noted:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346

VMSA-2025-0001 | VMware Aria Automation

By Lerpong Intaraworrapath | March 11th, 2025

VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25312

Advisory ID:	VMSA-2025-0001
Advisory Severity:	Moderate
CVSSv3 Range:	4.3
Synopsis:	VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215)
Issue date:	2025-01-07
Updated on:	2025-01-07
CVE(s)	CVE-2025022215

Impacted Products:

VMware Aria Automation
VMware Cloud Foundation

Introduction:

A server-side request forgery (SSRF) vulnerability in VMware Aria Automation was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.

Descriptions:

VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.

Known Attack Vectors:

A malicious actor with “Organization Member” access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network.

Resolution:

To remediate CVE-2025-22215 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Response Matrix:

Product	Version	Running On	CVE	CVSSv3	Severity	Fixed Versions	Workarounds	Additional Documentations
VMware Aria Automation	8.x	Any	CVE-2025-22215	4.3	Moderate	8.18.1 patch 1	None	None
VMware Cloud Foundation	5.x, 4.x	Any	CVE-2025-22215	4.3	Moderate	KB 385294	None	None

References:

VMSA-2023-0007.1 | Upgrading VMware Aria Operations for Logs from 8.10.2 to 8.12.0

By Lerpong Intaraworrapath | September 7th ,2023

The version of the VMware Aria Operations for Logs (previously VMware vRealize Log Insight) program running on the remote system is 8.10.2. As a result, it is vulnerable to a remote code execution vulnerability caused by dangerous deserialization. An unauthenticated, a threat actor with network access to VMware Aria Operations for Logs can exploit this to execute arbitrary code as root.

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

Solution

The issue has been fixed on VMware Aria Operations for Logs 8.12.

How can you update VMware Aria Operations for Logs from 8.10.2 to 8.12.0?

*In this article, we will upgrade a VMware Aria Operations for Logs cluster of three nodes.

1.Download the VMware Aria Operations for Logs version 8.12.0 update file.

https://customerconnect.vmware.com/downloads/details?downloadGroup=OPLOGS-8120&productId=1419&rPId=103833

VMware Aria Operations for Logs 8.12 – Upgrade Package
VMware-vRealize-Log-Insight-8.12.0-21696970.pak
File size: 742.68 MB

2.Take a snapshot of three nodes in VMware Aria Operations for Logs.

3.Log in to VMware Aria Operations and navigate to “Configuration” and “Cluster“.

4.Select “UPGRADE CLUSTER“.

5.Cluster upgrade can only be performed when connected directly to the primary node.

6. You may navigate to “Configuration” and “Cluster” on the primary node, then click “UPGRADE CLUSTER” and choose an upgrade file..

7.Click “UPGRADE“

8.Click “ACCEPT“.

This image has an empty alt attribute; its file name is Screen-Shot-2566-09-05-at-13.05.09-1024x875.png

9.Upgrade Log Insight is now progress. (Do not refresh or leave this page)

10.One node of the VMware Aria Operations for Logs cluster has been successfully upgraded.

11.Log in to VMware Aria Operations for Logs master node to verify upgrade status.

Node 1 has been completed.

Node 2 has been completed.

Node 3 has been completed.

12.VMware Aria Operations for Logs has been updated successfully

13.Log in to VMware Aria Operations to verify the version.

14.Check the dashboard and additional integrations.

Reference

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

https://docs.vmware.com/en/VMware-Aria-Operations-for-Logs/8.12/rn/vmware-aria-operations-for-logs-812-release-notes/index.html

https://blogs.vmware.com/management/2023/04/whats-new-in-aria-operations-for-logs-8-12.html

Failed to deploy OVF package Throwable with Proxy enable

By Lerpong Intaraworrapath | July 11th ,2023

After upgrading vCenter Server from 7.0U2 to 7.0U3, I encountered an issue with my customer. They attempted to use vCenter Server to deploy an OVA file. They discovered the following error:

“Failed to deploy OVF package.ThrowableProxy.cause A general system error occurred: Transfer failed: Invalid response code: 400, note that HTTP/s proxy is configured for the transfer“

vCenter Server version 7.0.3.01400 build 21477706

Below are some additional workarounds.

Option 1 – Deploy through vSphere ESXi host

1.Login directly through vSphere ESXi host.

2.If you connect with your FQDN and you will still be unable to deploy the OVA file. Change the vSphere ESXi host login to an IP address and try again to deploy the OVA file.

Option 2 – Disable proxy setting in vCenter Server

1.In a Web browser, go to the vCenter Server Management Interface, https://appliance-IP-address-or-FQDN:5480.

Note:If you need to make changes to vCenter Server, we recommend taking a snapshot.

2.Login as root.

3.Go to the Networking section.

4.Click EDIT under the Proxy Setting section.

5.Uncheck both HTTPS and HTTP proxy enabled and click SAVE.

6.The OVA file will be successful.

However, we discovered a new issue in which we were unable to enable the proxy and input the proxy server into the proxy settings.

7.We follow the VMware KB81565 to bring proxy configuration back to vCenter Server.

7.1)Change the HTTPS PROXY settings.

7.2)We make a backup of the proxy file.

7.3)Change the /etc/sysconfig/proxy file. Change the HTTPS_PROXY line to update the value from https to http:

HTTPS_PROXY="https://proxy.domain:80/"

HTTPS_PROXY="http://proxy.domain:80/"

Note: The proxy URL is determined by your proxy server.

7.4)If you are using a version previous to 7.0 U1, restart the VCSA.Otherwise, use the command to restart services, then logout and log back in:

# service-control --stop --all && service-control --start --all

If the problems persist, we recommend submitting a support request to the VMware support staff.

Announcing VMware Cloud Foundation 5.0

By Lerpong Intaraworrapath | June 30th ,2023

VMware Cloud Foundation 5.0 is now available, as announced by the VMware Cloud Foundation team. This important platform update adds scalability, security, and other critical advancements to handle cloud scale infrastructure as a service (IaaS), easier on-premises cloud deployment, and enhanced cyberattack protection.

Software Building Blocks for the Private Cloud

SDDC Manager 5.0 (Cloud Builder 5.0)
vSphere 8.0 U1a (ESXi 8.0 U1a, vCenter 8.0 U1a)
vSAN 8.0 U1a (vSAN Witness 8.0 U1a)
NSX 4.1
vRealize Suite Lifecycle Manager* 8.10 Patch 1

SDDC Manager Enhancements

VMware Cloud Foundation 5.0 includes a new capability called Isolated SSO Workload Domains, allow administrators the option to configure new workload domains using a separate Single Sign On (SSO) instance.
This scenario is useful for large enterprises that need workload isolation and for Managed Service Providers (MSPs) who can allocate workload domains to different tenants with their own SSO domains. Isolated SSO domains are each configured with their own NSX instance. The added benefit is that configuring workload domains as an isolated workload domain also allows the option to configure a separate identity provider (Active Directory or LDAP).

Workload Domain Scaling also increases when using isolated workload domains from 15 to 25 workload domains within a single VMware Cloud Foundation instance. Note that workload domains configured to use the shared management domain SSO are still limited to a maximum of 15 domains. Additional scaling is made possible through the parallelization of tasks in order to reduce the time to add Workload Domains within a VMware Cloud Foundation instance.

VMware Cloud Foundation Platform and Scaling Enhancements

When one considers all of the new capabilities delivered within VMware Cloud Foundation 5.0, the platform and scale enhancements are probably the most highly anticipated customer feature requests, especially as they continue to scale their production of VMware Cloud Foundation environments. It is also important to emphasize that upgrades to VMware Cloud Foundation 5.0 are direct, customer led skip-level upgrades from VMware Cloud Foundation versions 4.3, 4.4 and 4.5.

More resources

https://blogs.vmware.com/cloud-foundation/2023/06/01/announcing-vmware-cloud-foundation-5-0/

https://blogs.vmware.com/cloud-foundation/?p=12521

https://blogs.vmware.com/cloud-foundation/2023/06/01/whats-new-with-vsphere-and-vsan-in-vmware-cloud-foundation-5-0/

https://blogs.vmware.com/cloud-foundation/2023/06/01/whats-new-with-nsx-in-vmware-cloud-foundation-5-0/

https://blogs.vmware.com/cloud-foundation/2023/06/01/whats-new-in-vrealize-suite-within-vmware-cloud-foundation-5-0/

https://docs.vmware.com/en/VMware-Cloud-Foundation/5.0/rn/vmware-cloud-foundation-50-release-notes/index.html

https://www.vmware.com/products/cloud-foundation.html

https://core.vmware.com/

VMSA-2023-0012 | Aria Operations for Networks (Formerly vRealize Network Insight)

By Lerpong Intaraworrapath | June 15th ,2023

Critical severity

Impacted Products

Aria Operations for Networks (Formerly vRealize Network Insight)

CVE(s)

CVE-2023-20887, CVE-2023-20888, CVE-2023-20889

Synopsis

VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-20887, CVE-2023-20888, CVE-2023-20889)

Introduction

Multiple vulnerabilities in Aria Operations for Networks were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products

Response Matrix

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware Aria Operations Networks	6.x	Any	CVE-2023-20887, CVE-2023-20888, CVE-2023-20889	9.8, 9.1, 8.8	Critical	KB92684	None	N/A

References

Fixed Version(s) and Release Notes:

VMware Aria Operations for Networks 6.x HF: KB92684

Change Log

2023-06-07 VMSA-2023-0012

Initial security advisory.

VMware Security Advisories

http://www.vmware.com/security/advisories

https://www.vmware.com/security/advisories/VMSA-2023-0012.html

VMSA-2023-0007 | VMware Aria Operations for Logs (formerly vRealize Log Insight)

By Lerpong Intaraworrapath | May 27th ,2023

Critical severity

Impacted Products

VMware Aria Operations for Logs (formerly vRealize Log Insight).

CVE(s)

CVE-2023-20864, CVE-2023-20865

Synopsis

VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)

Introduction

Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products

Response Matrix

Product	Version	Running On	Fixed Version	Workarounds	Additional Documentation
VMware Aria Operations for Logs (Operations for Logs)	8.10.2, 8.10, 8.8.x, 8.6.x	Any	8.12	None	KB91831
VMware Cloud Foundation (VMware Aria Operations for Logs)	4.x	Any	KB91865	KB91865	KB91831

Change Log

2023-04-20 VMSA-2023-0007

Initial security advisory

VMware Security Advisories

http://www.vmware.com/security/advisories

https://www.vmware.com/security/advisories/VMSA-2023-0007.html