VMware Aria Automation (formerly vRealize Automation)

Recently, while attempting to change some settings on several instances of vRealize Orchestrator embedded within vRealize Automation 8.8.1 appliances, I found that I could not successfully authenticate to the vRealize Orchestrator Control Center interface. The interface is located at https://[vRA URL]/vco-controlcenter and requires that you provide the “root” user credentials to access it. Although I could authenticate to the virtual appliance consoles using the “root” credentials, I could not successfully authenticate to the vRealize Orchestrator Control Center interface.

Recently I began familiarizing myself with VMware vRealize Automation SaltStack Config in my home lab. While I'm still relatively new to the product, I was curious to learn more about the compliance and vulnerability management capabilities provided by the SecOps add-on. In this post, I introduce VMware vRealize Automation SaltStack SecOps and briefly review the various features and functionality provided by the product. In subsequent blog posts, I will give a more in-depth look at vulnerability management and compliance management capabilities.

VMware vRealize Automation 8.8.1 was released on June 9, 2022. With this release, VMware has provided security updates and new features, including support for the vRealize Automation Extensibility (vREx) Proxy.

Hot on the heels of the recent April 2022 VMware critical security advisory VMSA-2022-0011, which addressed eight CVEs within VMware Workspace ONE Access and VMware Identity Manager, VMware has released a new creitical security advisory VMSA-2022-0014. This advisory addresses two new security vulnerabilities (CVE-2022-22972 and CVE-2022-22973) in VMware Workspace ONE Access and VMware Identity Manager, with one rated as critical. Authentication Bypass Vulnerability - CVE-2022-22972 According to VMware, a malicious user with network access to the VMware Workspace ONE Access or VMware Identity Manager user interfaces may be able to obtain administrative access without needing to authenticate.

VMware has released the latest update to the vRealize Suite, vRealize Automation 8.8, on April 28, 2022. With this release, VMware has provided several enhancements and new features, including support for multi-level approval policies, enhanced custom naming for deployment resources, and support for legacy vRealize Orchestrator workflow presentations within vRealize Automation custom forms.