Release Notes
| Product | Version | Release Date | Download | Release Notes |
|---|---|---|---|---|
| Aria Operations for Logs | 8.18.1 | 11/26 | Download | Release Notes |
| Aria Operations | 8.18.2 | 11/26 | Download | Release Notes |
| Aria Suite Lifecycle Manager | 8.18 PSPACK4 | 11/27 | Download | Release Notes |
| VMware HCX | 4.10.2 | 11/27 | Download | Release Notes |
VMware Security Advisories
Link: VMSA-2024-0022 [HIGH]
Product: Aria Operations
CVSSv3: 6.5 – 7.8
CVE(s):
- Local privilege escalation vulnerability (CVE-2024-38830)
- Local privilege escalation vulnerability (CVE-2024-38831)
- Stored cross-site scripting vulnerability (CVE-2024-38832)
- Stored cross-site scripting vulnerability (CVE-2024-38833)
- Stored cross-site scripting vulnerability (CVE-2024-38834)
Description:
VMware Aria Operations contains a local privilege escalation and stored cross-site scripting vulnerability. To remediate CVE-2024-38830-CVE-2024-38834 apply the patches listed in the ‚Fixed Version‘ column of the ‚Response Matrix‘ found below. There isn’t a Workaround. VMware would like to thank thiscodecc of MoyunSec Vlab, Bing, Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom from Michelin CERT and Quentin Ebel, Abicom from Michelin CERT and Anshul Ola for reporting this issue to us.
| Version | CVE | Fixed Version | Woraround |
|---|---|---|---|
| 8.x | CVE-2024-38830 – CVE-2024-38834 | 8.18.2 | None |
| VCF 5.x | CVE-2024-38830 – CVE-2024-38834 | 8.18.2 | None |
| VCF 4.x | CVE-2024-38830 – CVE-2024-38834 | 8.18.2 | None |
Appendix: Download | Release notes
CVE-2024-38830 | CVE-2024-38831 | CVE-2024-38832 | CVE-2024-38833 | CVE-2024-38834
Product Lifecycle
| Product | EOL |
|---|---|
| VMware Centralized RAN Intelligence Controller 2.1.0 | 12/31/24 |
| VMware Distributed RAN Intelligence Controller 2.0.4 | 12/31/24 |
| VMware Usage Meter 4.8 | 12/31/24 |
| Tanzu Application Service (TAS) – Partner Services 24.1.0 | 02/01/25 |
| Tanzu Web Service 6.4.2103000001 | 02/28/25 |
| VMware Carbon Black 6.4.2103000001 | 02/28/25 |
| VMware Tanzu Application Service 4.0.9 | 02/28/25 |
| VMware Tanzu Application Service 6.4.2103000001 | 02/28/25 |
| VMware Tanzu Platform 4.0.9 | 02/28/25 |
| VMware Tanzu Platform 6.4.2103000001 | 02/28/25 |
| VMware Tanzu Platform – SM 6.4.2103000001 | 02/28/25 |
KB Article
| Subject | KB Artikel |
|---|---|
| vMotion is not working within cluster between ESXI host. | 383073 |
| Error creating Active Directory integration in Aria Automation. | 383044 |
| How to collect a support bundle for NSX nodes via CLI | 383034 |
| Email Notification for an Alert is Missing Virtual Machine Tags | 382976 |
| Content Library Not Visible in to specific AD group in vCenter Server | 382970 |
| Datastore cluster is not visible in Storage Profiles. | 382952 |
| How to Install a patch for VMware Aria Suite Lifecycle 8.x | 382948 |
| „Failed to create AI resource. Resource with same key already exists“ when attempting to re-create adapter instance – Aria Operations | 382929 |
| Integrating Aria Automation with Aria Operations, fails with an error message „failed to create AI resource, Resource with same key already exists“ | 382890 |
| vSphere HA Fails to configure on ESXi Host Nodes Due to Scratch Partition Configuration Conflict | 382834 |
| Intel X7xx NICs flapping due to TX hang error | 382782 |
| OpenSSH vulnerabilities CVE– 2024-6387 & CVE-2024-39894 | 382768 |
| Link to Aria Operations in vSphere, in the ‚Aria Operations‘ tab of the main menu, shows IP instead of FQDN | 382728 |
| NSX: External interfaces on Tier0 in Active_Standby mode cannot use more than 2 edge nodes (Error code: 503117) | 382727 |
| VM CPU Workload (%) Discrepancy between Aria Operations (formerly vRealize Operations) and Guest OS Task Manager | 382726 |
| Cannot create new VM on vSAN Datastore : VM creation task fails at 6% – Reserving folder on host | 382721 |
Podcast | Webinar | Blog Posts
VCF EXAMS (ADMINISTRATOR & ARCHITECT) – EXPERIENCE
As a VMware by Broadcom employee in the VCF Business Unit, you can do three free exams per calendar year, on a voucher, so it makes it fairly riskless to try them out, without (a lot of) preparation. So in my case, I first tried the VCF VCP Administrator exam (2V0-11.24) in October, and today (about a month later) I tried the VCF VCP Architect exam (Exam 2V0-13.24). In this blog, I’ll give a little bit of insight into my experience.
Aria Operations 8.18.2
Aria Operations 8.18.2 dropped today, addressing bugs and CVEs, here are the Release Notes, and the associated KB. Log into the Broadcom Support Portal and download the necessary binaries, in my case I’m grabbing the Upgrade Assessment Tool […]
VCF9 – vSAN to vSAN replication
In this video Duncan Epping go over the vision VMware has for vSAN to vSAN native replication, and I will show you what that will look like in the UI as well in the future. Note, these features are planned, not committed and no timelines have been shared.
Aria Operations Diagnostic Findings „Overall Findings 0“
No findings are displayed? Only an “Overall Findings 0”. I have not only noticed this with my customers, but also heard it from other TAM colleagues and noticed it in various home labs. But why is that? First of all. It’s not mention that there is anything wrong.