Hi,
I have gone through the vulnerability description and workaround by VMware.
Workaround Instructions for CVE-2021-21972 and CVE-2021-21973 on VMware vCenter Server (82374)
I don't have the vROps plugin in my environment; there is not even any plugin on the vSphere Client.
Are my vCenters still vulnerable?
However, we are planning to update to the recommended level.
Regards
Pankaj S.
You should look at setting up Skyline:
https://www.vmware.com/support/services/skyline.html
I think it's free as long as you have support. It scans your vCenter and lets you know about critical issues it finds; if something is fixed, the finding will go away.
Well. There are two things that you should be aware of:
You can see if the plugin is there under Administration -> Solutions -> Client Plug-Ins like below:
In the above example you would be vulnerable. But I've updated so I'm good. The update itself takes about 5 minutes, depending on where you are coming from.
Hi,
In my opinion, even though the (preinstalled) vROps plugin (no matter whether it was installed manually or not) is not obvious in older variants of 6.5, it is still there, since HTML 5 was introduced at that time and the caveat was identified once the WebUI client became fully functional with HTML 5.
So I completely agree with the two other experts that VCSA 6.5 is vulnerable and the fix should be applied ASAP.
Regards