Does anyone here know if there's hotfix for this issue in VMAN? Or at least on how to fix it? We're using the upgraded version (7.0) and our security team found this issue.
Good day Manilyn
Do you have a specific CVE number?
That sounds like the vSphere Management Assistant SHA-1 cipher problem maybe: vSphere Management Assistant 6.0.0.1
Hi chrispaap, dunno the CVE ID number and I only have the CVSS Base Score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P).
ecklerwr1 thanks for sending the link and I just now realized that it also uses 5480 port. Now my question, would this affect the vman admin console access in the event that I made some changes?
That I'm not 100% sure about. I have VMAN but I'm not the one that uses it regularly.
hi ecklerwr1, but did you modify the vm console like what it was written from the link?
Hi chrispaap, asking for your comment please?
I'll check with my VMware expert here that uses VMAN and also helps me with all the Orion Modules. He's an expert on all things VMware related too.
Thanks ecklerwr1! That's a big help
Our vmware guy said it sounds like an open ssl library being used on vman 7 may be running a vulnerable version of the ssl library. The link I listed above is totally different but similar as it's another open ssl vulnerability. It sounds like Solarwinds needs to check the v7 open ssl library. This is a newer vulnerability (past couple months)
thank you so much ecklerwr1 for your help
No problem... I know how it is with security scans finding things!
