This article is more than 1 year old

VMware vRealizes that vRealize has XSS bugs on Linux

Virtzilla's also released first maintenance release for vRealize Automation

A tricky Tuesday for VMware's vRealize products, which have received the first maintenance release for version 7 and also become the subject of a security alert.

Let's do the alert first, as it explains that several vRealize products have a pair of cross-site-scripting bugs that could compromise a user's workstation.

The mess means that vRealize Business Advanced and Enterprise 8.x on Linux need a patch, to version 8.2.5. VMware vRealize Automation has a similar problem. This one's nothing to cancel a good lunch over: it only impacts version 6.x on Linux. Upgrading to version 6.2.4 will sort things out.

Virtzilla's published fix instructions and download links here.

In happier news, vRealize Automation is now at version 7.01, a change Virtzilla bills as offering “several new features and enhancements” in addition to the usual housekeeping to be expected in a .01 release.

The new bits include a management agent to automate the installation of Windows components and to collect logs, and an installation Wizard that automates a Minimal or Enterprise installation. No reason to take your blood pressure pills over those!

On the fix front, the list is long and addresses some things that look very irritating - “Virtual machine is deleted during reprovisioning when a datastore is moved from one SDRS cluster to another” - and others that are mere annoyances, such as an issue that meant “After you upgrade to vRealize Automation 7.0, duplicate catalog items for the same business group appear in the catalog.” ®

More about


Send us news

Other stories you might like