Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
vSphere UI plugins must be authorized before use.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239690 | VCUI-67-000009 | SV-239690r679176_rule | Medium |
| Description |
|---|
| The vSphere UI ships with a number of plugins out of the box. Any additional plugins may affect the availability and integrity of the system and must be approved and documented by the ISSO before deployment. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 UI Tomcat Security Technical Implementation Guide | 2021-04-15 |
Details
| Check Text ( C-42923r679174_chk ) |
|---|
| At the command prompt, execute the following command: # diff <(find /usr/lib/vmware-vsphere-ui/plugin-packages/vsphere-client/plugins -type f|sort) <(rpm -ql vsphere-ui|grep "/usr/lib/vmware-vsphere-ui/plugin-packages/vsphere-client/plugins/"|sort) If there is any output, this indicates a vSphere UI plugin is present that does not ship with the VCSA. If this plugin is not known and approved, this is a finding. |
| Fix Text (F-42882r679175_fix) |
|---|
| For every unauthorized plugin returned by the check, run the following command. # rm |