Would anyone be so kind as to advise me whether vRealize Operations Manager Appliance - 10.25.4.180 Version 6.0.2.2777062 Build 275985 is open to the Grub2 Authentication Bypass 0-Day vulnerability, please?
Here is the link from the CVE site:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370
I ask, as I am aware that the Guest OS build for the appliance is SUSE Enterprise Linux 11
Thanks in advance for any advice / feedback or insight...
The vuln impacts GRUB version 1.98 to 2.02. I'm not running vROps v6.0.2 anymore and can't look myself, but you should be able to check what GRUB version the v6.0.2 appliance is running (should be pretty quick to check) to see if the CVE is even applicable. Mind you, v6.0.2 is from mid 2015, and these are the types of things we patch as we do our updates to newer versions. The easiest way to stay on top of these things is to stay current with our product version, which also include OS-level updates.
Thank you for your assistance with this, it's certainly appreciated