The version of the VMware Aria Operations for Logs (previously VMware vRealize Log Insight) program running on the remote system is 8.10.2. As a result, it is vulnerable to a remote code execution vulnerability caused by dangerous deserialization. An unauthenticated threat actor with network access to VMware Aria Operations for Logs can exploit this to execute arbitrary code as root.
After upgrading vCenter Server from 7.0U2 to 7.0U3, I encountered an issue with my customer. They attempted to use vCenter Server to deploy an OVA file. They discovered the following error:
“Failed to deploy OVF package.ThrowableProxy.cause A general system error occurred: Transfer failed: Invalid response code: 400, note that HTTP/s proxy is configured for the transfer”
vCenter Server version 7.0.3.01400 build 21477706
Below are some additional workarounds.
Option 1 – Deploy through vSphere ESXi host
1. Log in directly through the vSphere ESXi host.
2. If you connect with the FQDN and are still unable to deploy the OVA file, change the vSphere ESXi host login to an IP address and try again to deploy the OVA file.
Option 2 – Disable proxy setting in vCenter Server
1. In a Web browser, go to the vCenter Server Management Interface, https://appliance-IP-address-or-FQDN:5480.
Note: If you need to make changes to vCenter Server, we recommend taking a snapshot.
2. Log in as root.
3. Go to the Networking section.
4. Click EDIT under the Proxy Setting section.
5. Uncheck both HTTPS and HTTP proxy enabled and click SAVE.
6. The OVA file deployment will now succeed.
However, we discovered a new issue in which we were unable to enable the proxy and input the proxy server into the proxy settings.
7. We followed VMware KB81565 to bring the proxy configuration back to vCenter Server.
7.1) Change the HTTPS PROXY settings.
7.2) Make a backup of the proxy file.
7.3) Edit the /etc/sysconfig/proxy file. Change the scheme in the HTTPS_PROXY line from https to http:
HTTPS_PROXY="https://proxy.domain:80/"
to
HTTPS_PROXY="http://proxy.domain:80/"
Note: The proxy URL is determined by your proxy server.
7.4) If you are using a version earlier than 7.0 U1, restart the VCSA. Otherwise, use the command to restart services, then log out and log back in:
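Steps 7.2 and 7.3 as a script, as an added example that is not taken from the original post or from KB81565; it does not include the service restart command of step 7.4, which the page does not show. The `.bak` suffix and both function names are assumptions, and the demo runs on a constructed copy rather than the live file.

```shell
#!/bin/sh
# fix_https_proxy_scheme [FILE]
# Backs up FILE, then rewrites only the HTTPS_PROXY line from https:// to
# http://. Returns 0 when the line ends up with an http:// URL or when there
# was nothing to change, non-zero on error.
fix_https_proxy_scheme() {
    file="${1:-/etc/sysconfig/proxy}"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Idempotent: act only while HTTPS_PROXY still carries an https:// URL.
    grep -q '^HTTPS_PROXY="https://' "$file" || return 0

    # Step 7.2: keep the original (the ".bak" suffix is an assumption).
    cp -p "$file" "$file.bak" || return 2

    # Step 7.3: change the scheme on the HTTPS_PROXY line only; HTTP_PROXY,
    # NO_PROXY and every other line are copied through untouched.
    tmp=$(mktemp) || return 2
    if sed 's|^HTTPS_PROXY="https://|HTTPS_PROXY="http://|' "$file.bak" > "$tmp"; then
        cat "$tmp" > "$file"   # overwrite in place, keeping owner and mode
        rc=$?
    else
        rc=2
    fi
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2

    # Confirm the result before restarting anything.
    grep -q '^HTTPS_PROXY="http://' "$file"
}

# Demo on a constructed copy, never the live file: prints the resulting line.
demo_fix_https_proxy() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'HTTP_PROXY="http://proxy.domain:80/"' \
        'HTTPS_PROXY="https://proxy.domain:80/"' > "$d/proxy"
    fix_https_proxy_scheme "$d/proxy" && grep '^HTTPS_PROXY=' "$d/proxy"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```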
VMware Cloud Foundation 5.0 is now available, as announced by the VMware Cloud Foundation team. This important platform update adds scalability, security, and other critical advancements to handle cloud scale infrastructure as a service (IaaS), easier on-premises cloud deployment, and enhanced cyberattack protection.
Software Building Blocks for the Private Cloud
SDDC Manager 5.0 (Cloud Builder 5.0)
vSphere 8.0 U1a (ESXi 8.0 U1a, vCenter 8.0 U1a)
vSAN 8.0 U1a (vSAN Witness 8.0 U1a)
NSX 4.1
vRealize Suite Lifecycle Manager* 8.10 Patch 1
SDDC Manager Enhancements
VMware Cloud Foundation 5.0 includes a new capability called Isolated SSO Workload Domains, which gives administrators the option to configure new workload domains using a separate Single Sign On (SSO) instance. This scenario is useful for large enterprises that need workload isolation and for Managed Service Providers (MSPs) who can allocate workload domains to different tenants with their own SSO domains. Isolated SSO domains are each configured with their own NSX instance. The added benefit is that configuring workload domains as an isolated workload domain also allows the option to configure a separate identity provider (Active Directory or LDAP).
Workload Domain Scaling also increases when using isolated workload domains from 15 to 25 workload domains within a single VMware Cloud Foundation instance. Note that workload domains configured to use the shared management domain SSO are still limited to a maximum of 15 domains. Additional scaling is made possible through the parallelization of tasks in order to reduce the time to add Workload Domains within a VMware Cloud Foundation instance.
VMware Cloud Foundation Platform and Scaling Enhancements
When one considers all of the new capabilities delivered within VMware Cloud Foundation 5.0, the platform and scale enhancements are probably the most highly anticipated customer feature requests, especially as they continue to scale their production of VMware Cloud Foundation environments. It is also important to emphasize that upgrades to VMware Cloud Foundation 5.0 are direct, customer led skip-level upgrades from VMware Cloud Foundation versions 4.3, 4.4 and 4.5.
Multiple vulnerabilities in Aria Operations for Networks were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.
VMware Aria Operations for Logs (formerly vRealize Log Insight).
CVE(s)
CVE-2023-20864, CVE-2023-20865
Synopsis
VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)
Introduction
Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products.
Response Matrix
Product | Version | Running On | Fixed Version | Workarounds | Additional Documentation
VMware Aria Operations for Logs (Operations for Logs)
VMware has announced the official renaming of all products in our cloud management family to VMware Aria.
What is VMware Aria?
A unified management solution for cloud native applications and multi-cloud.
VMware Aria, a multi-cloud management portfolio that provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and applications. Expressly designed for the operational challenges of cloud-native applications and public cloud environments, VMware Aria truly delivers a wholly new perspective on multi-cloud management.
The VMware Aria Product List
Previous Name | New Name
Automation
vRealize Automation / Cloud | VMware Aria Automation
VMware Cloud Assembly | VMware Aria Automation Assembler
VMware Service Broker | VMware Aria Automation Service Broker
VMware Code Stream | VMware Aria Automation Pipelines
VMware Cloud Templates | VMware Aria Automation Templates
vRealize Orchestrator | VMware Aria Automation Orchestrator
vRealize Automation SaltStack Config | VMware Aria Automation Config
vRealize Automation SaltStack SecOps | VMware Aria Automation for Secure Hosts
CloudHealth Secure State | VMware Aria Automation for Secure Clouds
Operations
vRealize Operations / Cloud | VMware Aria Operations
vRealize Log Insight / Cloud | VMware Aria Operations for Logs
vRealize Network Insight / Cloud | VMware Aria Operations for Networks
Tanzu Observability by Wavefront | VMware Aria Operations for Applications
vRealize True Visibility Suite | VMware Aria Operations for Integrations
Cost
CloudHealth | VMware Aria Cost powered by CloudHealth
Suites
vRealize Cloud Universal | VMware Aria Universal Suite
vRealize Suite | VMware Aria Suite
vCloud Suite | VMware vCloud Suite
CloudHealth by VMware Suite | Discontinued Name
CloudHealth Partner Platform | Discontinued Name – see Aria Cost powered by CloudHealth
Platform & Cross-Cloud Services
Project Ensemble | VMware Aria Hub
New | VMware Aria Graph
vRealize Migration Manager | VMware Aria Migration
vRealize Automation Cloud Guardrails | VMware Aria Guardrails
Project Ensemble Insights | VMware Aria Business Insights
Other
Skyline | VMware Skyline
vRealize Suite Lifecycle Manager | VMware Aria Suite Lifecycle
vRealize Cloud Subscription Manager | VMware Aria Hub Subscription
vRealize AI Cloud | Discontinued Name – functionality now part of Aria Hub
Reference:
Please see the links listed below for further information about VMware Aria and the portfolio products.
In this article, we will demonstrate how to upgrade VMware Aria Operations for Logs (formerly vRealize Log Insight) version 8.6.2 to 8.10.2 using VMware Aria Suite Lifecycle (formerly vRealize Suite Lifecycle Manager) version 8.10.0.
Prerequisite.
The VMware Aria Suite Lifecycle version must be a supported one in order to upgrade VMware Aria Operations for Logs to version 8.10.2.
As suggested by the support pack, you must upgrade the VMware Aria Suite Lifecycle support pack to pack 6 (alternatively, you may update to the most recent support pack).
Note: Whenever possible, we recommend upgrading the pack to the newest version.
Note: In this article, we upgraded VMware Aria Suite Lifecycle to 8.10.0 Pack 7.
We can see from the upgrade path that VMware Aria Operations for Logs 8.6.2 requires an update to 8.8.2 and subsequently to version 8.10.2. (8.6.2->8.8.2->8.10.2)
To shorten the upgrade procedure and reduce internet use from VMware Aria Suite Lifecycle, we downloaded 2 ISO images for VMware Aria Operations for Logs versions 8.8.2 and 8.10.2.
Step-by-step instructions for upgrading VMware Aria Operations for Logs
1. After downloading the VMware Aria Operations for Logs ISO images for versions 8.8.2 and 8.10.2, we transferred the images to the /data/temp directory of the VMware Aria Suite Lifecycle appliance. Note: VMware recommends the SCP protocol to transfer the file to the appliance. Tools such as WinSCP can also be used to transfer the file to the appliance.
2. Log in to VMware Aria Suite Lifecycle, click “Environment” and then pick “vRealize Log Insight” to verify the version.
3. Choose “Setting” then “Binary Mapping” to confirm the product appears in the Binary Mapping list.
4. Click “ADD BINARIES”.
5. Choose “Local” as the location type. Enter “/data/temp” in the base location and press “DISCOVER”.
6. The list of product binaries will show below. Tick the box next to “VMware-vRealize-Log-Insight-8.8.2-20056468.pak”, type “upgrade” and then click “ADD”.
7. You can see the status of the product mapping request by clicking “Click here”.
8. Repeat step 4 to include “VMware-vRealize-Log-Insight-8.10.2-21145187.pak” and enter “upgrade”.
9. There will be 2 files in the binary mapping for the VMware Aria Operations for Logs upgrade.
10. Log in to VMware Aria Operations for Logs to check the version and the status of the cluster (3 nodes’ statuses must be displayed as connected.).
11. Go back to VMware Aria Suite Lifecycle and, after choosing “Environment”, click “VIEW DETAILS” in vRealize Log Insight.
12. Choose “Trigger Inventory Sync” by clicking the 3 dots.
13. Wait until the sync is complete.
14. Go back to VMware Aria Suite Lifecycle and, after choosing “Environment”, click “VIEW DETAILS” in vRealize Log Insight.
15. Select “UPGRADE”.
16. Click “PROCEED”.
17. Choose version 8.8.2 from the drop-down menu.
18. Click the box to take a snapshot and then click “NEXT”.
19. Click “RUN PRECHECK”.
20. Read the “PRECHECK” report to check if there are any warnings or errors (you may download the report).
21. Read the upgrade summary and then click “SUBMIT”.
22. The upgrade is now in progress; wait while it runs from stage 1 to stage 10.
23. Log in to VMware Aria Operations for Logs to view the status and version.
24. Following the completion of the upgrade from 8.6.2 to 8.8.2, the next stage will be to upgrade from 8.8.2 to 8.10.2.
25. Repeat step 15 and proceed to choose version 8.10.2.
26. Log in to VMware Aria Operations for Logs to view the status and version.
Guidance and Technical Recommendations.
vRealize Log Insight provides intelligent log management for infrastructure and applications in any environment. This highly scalable log management solution delivers intuitive, actionable dashboards, sophisticated analytics, and broad third-party extensibility across physical, virtual, and cloud environments. Update to the newest version to take advantage of new features, improve security, and get support for a new product.
VMware issued a security alert for VMware vRealize Operations (vROps) due to the VMSA-2022-0034 severity. According to the advisory, VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities (CVE-2022-31707, CVE-2022-31708).
Solution
To remediate CVE-2022-31707 apply the fixes listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
4. Choose the product and version, then press the “Search” button.
Product: vRealize Operations Manager Version: 8.6
5. The “vROps-8.6-HF8” will be shown. Verify and validate the KB90232 patch file, then click “DOWNLOAD NOW”.
6. Once the file download and snapshot have been completed, log in to the vRealize Operations Manager administration interface
https://master-node-name-or-ip-address/admin.
7. Click “Software Update”.
8. Click “Install a Software Update”.
9. Browse to the pack file you already downloaded.
10. Click “UPLOAD” after you’ve browsed to the pack file.
11. The pack file has been uploaded. Click “NEXT”.
12. To accept the EULA, tick the box, then click “NEXT”.
13. After reading the release notes, click “NEXT”.
14. To install the software, click “INSTALL”.
15. The Administrator interface logs you out. Return to the primary node Administrator interface. On the left side, click Software Update. The update patch status will be shown.
16. Wait for the pack to be installed.
17. Refresh the page. The cluster status is changed to Online.
18. Once the upgrade is finished, delete the snapshots you took prior to the software update.
Guidance and Technical Recommendations.
A VMware security advisory with critical severity for VMware vRealize Operations was released. A major vulnerability was discovered in VMware vRealize Operations. Using administrator rights in the vROps application, a malicious actor can get root access to the underlying operating system. We advise applying the patch or upgrading to the patched version to prevent a malicious attacker from accessing critical information in vROps.
In this article, we are planning to upgrade vCenter Server appliance version 7.0.2.00500 build number 18455184 (vCenter Server 7.0 Update 2d) to vCenter Server 7.0 Update 3g (7.0.3.00800) build number 20150588 or higher.
Before upgrading vCenter Server, we must first check its health status by logging onto https://vCenter-Server-FQDN:5480
User: root Password: xxxxx
After logging in to the vCenter Server appliance, go to the summary and check the “Health Status”.
We discovered that “Overall Health” displays a yellow alert warning on “Storage”.
Expanding “Storage”, we found the alert “File system /storage/log is low on storage space increase the size of disk /storage/log”.
Go to “Monitor”, then “Disks”, and see which hard disks have alerts.
Hard drive 5 (log) has a utilization rate of more than 80%.
Run the “df -h” command to display file system disk space statistics in “human-readable” format.
Return to the vCenter Server web client. There was no snapshot on the vCenter Server appliance.
Right-click vCenter Server and choose “Edit Settings”.
Select Hard disks and expand Hard disk 5.
We will increase the size of hard disk 5 from 25 GB to 30 GB and then click OK.
Log in to the vCenter Server Appliance through SSH.
When we use the vSphere Web Client to connect to vCenter Server appliance 7.x, we are unable to gain access and receive the message “HTTP Status 500 – Internal Server Error.”
Steps to resolve this issue.
1. SSH into the vCenter Server appliance.
2. To see the certificate expiration dates, use the command below.
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done
3. You will see an output similar to:
4. As you can see, the Machine SSL certificate expires on September 1 06:40:37 2022 GMT.
5. The Name, Hostname and VMCA values should match the PNID of the node where you are replacing the certificates. The PNID should always match the Hostname. To obtain the PNID, run this command:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost
6. Run the command below to replace the “Machine SSL certificate”.
/usr/lib/vmware-vmca/bin/certificate-manager
7. The output gives you the option to replace or reset the certificate.
Please keep in mind that this command may be used with both vCenter Server appliances 6.x and 7.x.
8. To replace the Machine SSL certificate with a VMCA certificate, we choose option 3.
9. Provide the credentials.
10. Enter these values as prompted by the VMCA (see step 5 to confirm the Name/Hostname/VMCA):
11. To proceed, answer Yes (Y) to the confirmation request.
12. Wait until the status is 100% completed.
13. Re-run the command to check the Machine SSL certificate.
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done
14. The Machine SSL certificate has been updated to August 31 12:14:11 2024 GMT.
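The check in steps 2 and 13 can be turned into a filter that lists only certificates at or past a cutoff date, so an expiring Machine SSL certificate is caught before logins start failing. This is an added example, not part of the original post: the function names are hypothetical, and the sample text is constructed in the "STORE / Alias / Not After" layout the loop is assumed to print, with only the Machine SSL date taken from step 4.

```shell
#!/bin/sh
# certs_expiring [CUTOFF]   CUTOFF is UTC as YYYYMMDDHHMMSS (default: now).
# Reads the text produced by the vecs-cli loop on stdin and prints one
# "STORE ALIAS YYYYMMDDHHMMSS" line per certificate at or past CUTOFF.
certs_expiring() {
    cutoff="${1:-$(date -u +%Y%m%d%H%M%S)}"
    awk -v cutoff="$cutoff" '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= n; i++) mon[m[i]] = sprintf("%02d", i)
        }
        $1 == "STORE"  { store = $2; alias = "-"; next }
        $1 ~ /^Alias/  { alias = $NF; next }
        /Not After/ {
            # Text after the colon: "Mon D HH:MM:SS YYYY GMT".
            sub(/^.*Not After *: */, "")
            split($0, f, " "); split(f[3], t, ":")
            key = f[4] mon[substr(f[1], 1, 3)] sprintf("%02d", f[2]) t[1] t[2] t[3]
            # 14-digit keys sort chronologically, so compare them as strings.
            if ((key "") <= (cutoff "")) print store, alias, key
        }'
}

# Constructed sample in the assumed output layout. The MACHINE_SSL_CERT date
# is the one quoted in step 4; the other entries are made up.
sample_vecs_output() {
    cat <<'EOF'
STORE MACHINE_SSL_CERT
Alias : __MACHINE_CERT
            Not After : Sep  1 06:40:37 2022 GMT
STORE TRUSTED_ROOTS
Alias : constructed-root-alias
            Not After : Aug 26 12:14:11 2031 GMT
STORE machine
Alias : machine
            Not After : Mar 15 09:00:00 2024 GMT
EOF
}

# On the appliance, pipe the loop from step 2 into the filter, for example
# with a cutoff 30 days ahead (GNU date syntax):
#   for i in $(...vecs-cli store list); do ...; done | \
#       certs_expiring "$(date -u -d '+30 days' +%Y%m%d%H%M%S)"
```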