VMware Aria Automation Upgrade to remediate Security Vulnerability (VMSA-2024-0001)

Aria Automation having a security vulnerability issue that an existing or non-existing person with authentication may access unauthorized or restricted part of organizations and workflows. This issue has been given CVSSv3 base score of 9.9 which means it's a Critical severity and needs to be remediate immediately.

Let's start with the Upgradation process!

Firstly, Take snapshot of Aria Automation appliance. Later delete the snapshot once the upgradation is completed.

This issue can be remediated in two ways, either upgrade vRA version to 8.16 or just upgrade with patch for an existing version. I am going to use patch for upgradation. Here I have version 8.12.2 and VMware provided the fixed version of patch.

Before starting the process, if you are in offline mode then first download the appropriate patch for your version.  As this blog is for online mode so here, we go.

1.  Go to Login page of VMware Aria Suite Lifecycle manager > Login using credentials > Click on Lifecycle Operations.  
2. From Dashboard navigate to Settings > Binary Mappings > Patch Binaries > click on "CHECK PATCHES ONLINE".
3. Available patch will be shown as per your Aria Automation version > click download and wait for the request to complete.
4. After the completion of download, Now navigates to "Environments" > Click on view details of target region.
5. In Details page of region > Click on 3 dots and go to "patches" > check the history (last patch version will be visible if upgraded previously) and then go for "Install Patch".
6. Install Patch > Select the downloaded patch (must check the patch version) > click Next
7. Review the information and click Finish. 
8. Once the upgradation process finish, again check the patch history and match with the expected version. (Also, can check form CLI, using "vracli version patch" command)