Issue adding tags to virtual machines with vCenter Server 7.0 U2b

  • 9 August 2021


Issue

VMware recently released update 7.0 U2b to address two high-profile security vulnerabilities.

If this update is installed, it breaks VMware tag associations, which in turn means that if Commvault backups and virtual machine reporting (specifically Chargeback) are based on VMware tags, those backups or reports will also no longer function properly.

Security Issues

  • VMware vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the VMware vSAN health check plug-in. A malicious actor with network access to port 443 might exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21985 to this issue. For more information, see VMware Security Advisory VMSA-2021-0010.
  • VMware vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the vSAN health check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability Client plug-ins. A malicious actor with network access to port 443 on vCenter Server might perform actions allowed by the impacted plug-ins without authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21986 to this issue. For more information, see VMware Security Advisory VMSA-2021-0010.

 

 

Additional Information

Issue adding tags to the vCLS VMs with vCenter Server 7.0 U2b | Yellow Bricks (yellow-bricks.com)

 

Resolution

There is no corrective action on Commvault's side at this time. Please contact VMware Support.


1 reply


Appreciate you sharing this!
