HPE Community
HPE SimpliVity
1829854 Members
1907 Online
109993 Solutions
New Discussion

Re: VCSA Update 3m due to vulnerability (multiple CVE's)

 
SOLVED
Go to solution
Brian_Galante
Frequent Advisor

‎06-26-2023 06:14 AM - last edited on ‎06-26-2023 08:51 PM by

‎06-26-2023 06:14 AM - last edited on ‎06-26-2023 08:51 PM by

VCSA Update 3m due to vulnerability (multiple CVE's)

Hi,

Wondering if anyone has installed update 3m due to this vulnerability notice:

https://www.vmware.com/security/advisories/VMSA-2023-0014.html#

I'm currently running Simplivity Version: 4.1.2.162 with VSphere 7U3e, and ESXi 7.0 Update 3d.

 

Wondering if anyone has installed and / or seen any issues with this.

According to Simplivity, we can install this patch because it's within the same update (U3 in my case). So I plan on doing that in the next week or so.

 

0 Kudos
Reply
3 REPLIES 3
MGolloher
Senior Member

‎06-26-2023 12:40 PM

‎06-26-2023 12:40 PM

Re: VCSA Update 3m due to vulnerability (multiple CVE's)

We installed it here.

No issues so far with the VCSA at 7.0.3 Build:21784236 and SimpliVity (4.1.2.162)

0 Kudos
Reply
Kipp_Glover
HPE Pro

‎06-28-2023 05:38 AM

‎06-28-2023 05:38 AM

Re: VCSA Update 3m due to vulnerability (multiple CVE's)

Per the interop guide (Page #40), you can upgrade to the latest VCSA 7.0 U3m.   Engineering is in the process of qualifying VCSA 7.0 U3m, but in the meantime, you can still upgrade.  Below is a paste from the Interop Guide without formatting: 

"A customer may upgrade vCenter to an unlisted patch version only when the vCenter major and minor versions are already listed in this document. Unlisted major or minor version updates are not supported.  For example, if vCenter Server 6.5 Update 3e is the latest supported 6.5 version in this document, and VMware releases patch version 6.5 Update 3g to fix a security issue, it is acceptable to upgrade to Update 3g before HPE updates the document.However, if VMware releases a new minor version 6.5 Update 4 and HPE has not yet added Update 4 to this document, a vCenter upgrade to 6.5 Update 4 would not be supported.  Customer must accept that new/unlisted patch versions have not yet been qualified by HPE SimpliVity"

/Kipp



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Sunitha_Mod
Honored Contributor

‎07-03-2023 12:08 AM

‎07-03-2023 12:08 AM

Solution

Re: VCSA Update 3m due to vulnerability (multiple CVE's)

Hello @Brian_Galante,

Let us know if you were able to resolve the issue.

If you have no further query and you are satisfied with the answer then kindly mark the topic as Solved so that it is helpful for all community members.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.