This site will be decommissioned on December 31st 2024. After that date content will be available at techdocs.broadcom.com.

vCenter Server 6.7 Update 3n | 25 MAY 2021 | ISO Build 18010531

vCenter Server Appliance 6.7 Update 3n | 25 MAY 2021 | ISO Build 18010531

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

  • vCenter Server 6.7 Update 3n delivers security fixes documented in the Resolved Issues section.

Earlier Releases of vCenter Server 6.7

New features, resolved, and known issues of vCenter Server are described in the release notes for each release. Release notes for earlier releases of vCenter Server 6.7 are:

For internationalization, compatibility, installation and upgrade, open source components and product support notices see the VMware vCenter Sever 6.7 Update 1 Release Notes.

For more information on vCenter Server versions that support upgrade to vCenter Server 6.7 Update 3n, refer to VMware knowledge base article 67077.

Patches Contained in This Release

This release of vCenter Server 6.7 Update 3n delivers the following patch. See the VMware Patch Download Center for more information on downloading patches.

NOTE: vCenter Server 6.7 Update 3n does not provide a security patch to update the JRE component of vCenter Server for Windows and Platform Services Controller for Windows. Instead, you must download the VMware-VIM-all-6.7.0-18010531.iso file from file from Download Patches on vmware.com.

Full Patch for VMware vCenter Server Appliance 6.7 Update 3n

Product Patch for vCenter Server Appliance containing VMware software fixes, security fixes, and third-party product fixes (for example, JRE and tcServer).

This patch is applicable to the vCenter Server Appliance and Platform Services Controller Appliance.

For vCenter Server and Platform Services Controller Appliances

Download Filename VMware-vCenter-Server-Appliance-6.7.0.48000-18010531-patch-FP.iso
Build 18010531
Download Size 2044.0 MB
md5sum 796b72376e7358d9cd68ac43a255a91f
sha1checksum f8a72d8815a17c87cdea5e4d3e9cae8dff543ac1

Download and Installation

You can download this patch by going to the VMware Patch Download Center and selecting VC from the Select a Product drop-down menu.

  1. Attach the VMware-vCenter-Server-Appliance-6.7.0.48000-18010531-patch-FP.iso​ file to the vCenter Server Appliance CD or DVD drive.
  2. Log in to the appliance shell as a user with super administrative privileges (for example, root) and run the following commands:
    • To stage the ISO:
      software-packages stage --iso
    • To see the staged content:
      software-packages list --staged
    • To install the staged rpms:
      software-packages install --staged

For more information on using the vCenter Server Appliance shells, see VMware knowledge base article 2100508.

For more information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

For more information on staging patches, see Stage Patches to vCenter Server Appliance.

For more information on installing patches, see Install vCenter Server Appliance Patches.

For issues resolved in this patch see Resolved Issues.

For Photon OS updates, see VMware vCenter Server Appliance Photon OS Security Patches

For more information on patching using the Appliance Management Interface, see Patching the vCenter Server Appliance by Using the Appliance Management Interface.
 

Resolved Issues

The resolved issues are grouped as follows.

Security Issues
  • VMware vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the VMware vSAN health check plug-in. A malicious actor with network access to port 443 might exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21985 to this issue. For more information, see VMware Security Advisory VMSA-2021-0010.

  • VMware vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the vSAN health check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability Client plug-ins. A malicious actor with network access to port 443 on vCenter Server might perform actions allowed by the impacted plug-ins without authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21986 to this issue. For more information, see VMware Security Advisory VMSA-2021-0010.

Known Issues from Prior Releases

To view a list of previous known issues, click here.

check-circle-line exclamation-circle-line close-line
Scroll to top icon