VCSA 6.7 doesn't know there's a patch

SentiBlue · ‎04-22-2019

Hey everyone,

Recently VMSA-2019-0005 was released and our Nessus scanner picked up this. It advised us to patch our ESXi servers which we're more than happy to comply.

But VCSA 6.7 (which has VUM integrated) doesn't recognize this though. It claims all of our hosts are compliant.

Its default as well as custom baselines don't specify ESXi versions. Rather when creating a baseline, it doesn't allow us to specify a version like vCenter Server 6.5 did.

Anybody can help me to get VCSA to pick up that VMSA?

johncol · ‎04-23-2019

What version/build are your hosts? When you check VUM, settings and click download now, is there a task?

SentiBlue · ‎04-24-2019

Hi John,

All of my hosts are VMware ESXi, 6.0.0, 10719132 which is fully patched up to before VMSA-2019-0005.

Normally it would recognize a new patch and offers the option to remediate the clusters.

The thing is we recently got rid of the vCenter Server 6.5, built a fresh VCSA 6.7 and added existing hosts to the new clusters created there without the migration. It seemeed to work well but when we created a baseline on VUM, it does not allow me to specify the host version. Instead it just asks vendor and product. Samething seen with the default critical and non-critical baselines.

Regardless I created the baseline and attached to the clusters but their scans for updates don't show an available patch. I'm quite confused.

Can you review the screenshot of the baseline creation to see if that's out of ordinary? Thanks!