VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
Issue date:
2025-01-28
Updated on:
2025-01-28 (Initial Advisory)
CVE(s)
CVE-2025-22217
Impacted Products:
VMware Avi Load Balancer
Introduction:
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.
Description:
VMware AVI Load Balancer contains an unauthenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.
Known Attack Vectors:
A malicious user with network access may be able to use specially crafted SQL queries to gain database access.
Resolution:
To remediate CVE-2025-22217 apply the patches to the Avi Controller listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215)
Issue date:
2025-01-07
Updated on:
2025-01-07
CVE(s)
CVE-2025-22215
Impacted Products:
VMware Aria Automation
VMware Cloud Foundation
Introduction:
A server-side request forgery (SSRF) vulnerability in VMware Aria Automation was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.
Description:
VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.
Known Attack Vectors:
A malicious actor with “Organization Member” access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network.
Resolution:
To remediate CVE-2025-22215 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Multiple vulnerabilities in Aria Operations for Networks were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.
VMware Aria Operations for Logs (formerly vRealize Log Insight).
CVE(s)
CVE-2023-20864, CVE-2023-20865
Synopsis
VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)
Introduction
Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products.
Response Matrix
Product | Version | Running On | Fixed Version | Workarounds | Additional Documentation
VMware Aria Operations for Logs (Operations for Logs)
VMware issued a security alert, VMSA-2022-0034, for VMware vRealize Operations (vROps). According to the advisory, VMware vRealize Operations (vROps) updates address privilege escalation vulnerabilities (CVE-2022-31707, CVE-2022-31708).
Solution
To remediate CVE-2022-31707 apply the fixes listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
4. Choose the product and version, then press the “Search” button.
Product: vRealize Operations Manager Version: 8.6
5. “vROps-8.6-HF8” will be shown. Verify and validate the KB90232 patch file, then click “DOWNLOAD NOW”.
6. Once the file download and the snapshot have been completed, log in to the vRealize Operations Manager administration interface:
https://master-node-name-or-ip-address/admin.
7. Click “Software Update”.
8. Click “Install a Software Update”.
9. Browse to the pack file you already downloaded.
10. Click “UPLOAD” after you have browsed to the pack file.
11. The pack file has been uploaded. Click “NEXT”.
12. To accept the EULA, tick the box, then click “NEXT”.
13. After reading the release notes, click “NEXT”.
14. To install the software, click “INSTALL”.
15. The Administrator interface logs you out. Return to the primary node Administrator interface. On the left side, click Software Update. The update patch status will be shown.
16. Wait for the pack to be installed.
17. Refresh the page. The cluster status changes to Online.
18. Once the upgrade is finished, delete the snapshots you took prior to the software update.
Guidance and Technical Recommendations
A VMware security advisory with critical security severity for VMware vRealize Operations was released. A major vulnerability was discovered in VMware vRealize Operations: using administrator rights in the vROps application, a malicious actor can get root access to the underlying operating system. We advise applying the patch or upgrading to the patched version to prevent a malicious attacker from accessing critical information in vROps.
8. If you downloaded the 21.08.0.0 hotfix before 16:30 PDT on 7 April 2022 and deployed it, you may encounter problems with database connection monitoring/status. Please download the updated hotfix for this version (HW-154129-Appliance-21.08.0.0-updated-Apr-07-2022.zip), which addresses this problem. If you deployed the problematic hotfix and need to replace it with the latest update, please run the following command before deploying the latest hotfix:
Information regarding CVE-2021-44228 & CVE-2021-45046 in NSX-T Data Center (2.5.0-3.1.3) (87086)
In this article we apply the workaround instructions to address CVE-2021-44228 and CVE-2021-45046 in NSX-T Data Center (2.5.0-3.1.3), following the procedure from KB87086.
3. Copy the Debian package to all three NSX-T Manager appliances using WinSCP, a Linux-based SCP client, or another tool that can transfer files.
4. Check the status of the NSX-T Manager appliances. The Cluster status must be “STABLE” and NSX-T Manager must be “Available”.
5. Log in to the NSX-T Manager appliance via SSH using the “admin” user account.
6. Use the cluster status command to check the cluster status again. The Overall Status must be “STABLE” and the Status must be “UP” for every service on all 3 nodes: get cluster status
7. Switch to the “root” account: st en. Enter the root password.
Notice: The below content has been updated as of 12/15/2021 to add workaround steps for the related CVE-2021-45046 as noted above. Please re-run all of the below steps even if you have already implemented the original CVE-2021-44228 workaround steps by running the data-rc-witness-log4j-fix.sh and cp-log4j-fix.sh scripts.
1. Log in to the vRealize Operations Manager Admin UI using the local admin user (https://vROPs-Name or vROPs-IP/admin).
2. Click “TAKE CLUSTER OFFLINE” under Cluster Status.
Note: Wait for Cluster Status to show as Offline. If the vROps admin page can no longer be accessed, access the vROps Master node IP address directly (https://vROPs-Master node name or IP address/admin).
3. Take snapshots of all 5 vRealize Operations nodes [Analytics (Primary, Replica, Data), 2 Remote Collector nodes] before applying the workaround (How to take a Snapshot of vRealize Operations).
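After a log4j workaround of this kind has been applied, on the NSX-T Manager appliances or on the vROps nodes above, a practitioner will want to confirm that no archive on the appliance still ships the JndiLookup class, since removing that class from log4j-core 2.x jars is the commonly published mitigation for CVE-2021-44228 and CVE-2021-45046. The checker below is an added example, not VMware's fix scripts or any content of KB87086; it assumes the workaround works by removing JndiLookup.class, and it builds its own constructed sample jar and war inline, so it runs offline.

```python
import io
import zipfile
from pathlib import Path

# Class whose presence leaves log4j-core 2.x exposed to CVE-2021-44228 / CVE-2021-45046
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def archive_has_jndi_lookup(data: bytes, name: str = "<root>") -> list:
    """Return 'outer!inner' paths of archives in `data` that still contain JndiLookup.class.
    Nested archives are inspected recursively: removing the class from an outer jar
    leaves an embedded log4j-core (e.g. inside WEB-INF/lib of a war) untouched."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a zip-based archive, nothing to inspect
    with zf:
        for entry in zf.namelist():
            if entry == JNDI_LOOKUP:
                hits.append(name)
            elif entry.lower().endswith(ARCHIVE_SUFFIXES):
                hits.extend(archive_has_jndi_lookup(zf.read(entry), f"{name}!{entry}"))
    return hits


def scan_tree(root: str) -> list:
    """Walk `root` (e.g. an appliance's application directory) and list offending archives."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(archive_has_jndi_lookup(path.read_bytes(), str(path)))
    return findings


def build_sample_jar(with_lookup: bool) -> bytes:
    """Constructed sample: a minimal log4j-core-like jar, with or without the lookup class."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if with_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    return buf.getvalue()


def demo() -> tuple:
    """Unpatched jar nested inside a constructed war vs. a jar with the class already removed."""
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", build_sample_jar(True))
    return (archive_has_jndi_lookup(war.getvalue(), "app.war"),
            archive_has_jndi_lookup(build_sample_jar(False), "log4j-core-fixed.jar"))
```

Run scan_tree against the appliance's application directories after the fix scripts have completed; an empty result means every jar, war and ear (including nested ones) is free of the lookup class.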