This morning we announced VMSA-2024-001 with the following Synopsis:
VMware Aria Automation (formerly vRealize Automation) updates address a Missing Access Control vulnerability (CVE-2023-34063)
The fix is addressed in Aria Automation 8.16, which requires Aria Suite Lifecycle Manager 8.14 PSPack 4, which is now GA. Go to Lifecycle Operations - Settings - Product Support Pack - CHECK SUPPORT PACKS ONLINE and get it.
Once applied, download Aria Automation 8.16 via Lifecycle Operations - Settings - Binary Mapping - Product Binaries - ADD BINARIES and either discover via My VMware or upload them manually, I'm downloading mine from My VMware.
Once downloaded we can upgrade. Go to Lifecycle Operations - Environments - select your environment - VMware Aria Automation - UPGRADE.
Click UPGRADE and work your way through the prompts.
Upgrade to Aria Automation 8.16 complete and VMSA-2024-0001 has been addressed. If your impatient like I am and want to follow along at home you can always SSH into your Automation VM and run the following command to get updates: vracli upgrade status --follow. Thanks for the pro-tip Coz!
Comments