VMware Security Response Center

Where did my VMware Security Advisories go?

Wednesday May 8, 2024 Updates
I)
Today, we’ve learned that it is NOT needed to login into the Broadcom Support Portal to see a list of VMware Security Advisories. The following URLs show the list of security advisories by VMware division without the need to login:

VMware Division URL to list of VMware Security Advisories by division
VMware Cloud Foundation https://support.broadcom.com/web/ecx/security-advisory?segment=VC
Tanzu https://support.broadcom.com/web/ecx/security-advisory?segment=VT
Application Networking and Security https://support.broadcom.com/web/ecx/security-advisory?segment=VA
Software Defined Edge https://support.broadcom.com/web/ecx/security-advisory?segment=VE

II)
The migration of VMSA-2024-0003 – VMSA-2024-0008 to the Broadcom Support Portal has completed. Please note that their publication date is incorrectly set at May 7 or May 8. The body of the advisory shows the correct publication date.

Tuesday May 7, 2024
The location of VMware Security Advisories (VMSAs) has changed on May 6, 2024. They are now available from the Broadcom Support Portal. The legacy VMSA URLs still work but are now redirected to the portal, for example:
https://www.vmware.com/security/advisories/VMSA-2024-0002.html points to:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23681.

With this change, we need to alert you that the list of VMSAs on www.vmware.com/security/advisories is no longer kept up-to-date and that VMSA-2024-0008 will be the last listed advisory.

The list of advisories has a new location in the Broadcom Support Portal and can be retrieved as follows:

  • Go to the Broadcom Support Portal and create a free account if you have no account yet.
  • When logged in, open the   drop down box on the top of the page which lists the Broadcom divisions.
  • From the drop down box, select the VMware division that you would like to see a list of security advisories for.

Then select “Security Advisories” in the left pane and the list of advisories will be shown for the selected division. The screenshot below is for the VMware Cloud Foundation division.

Notes:

  • VMSAs for Carbon Black security vulnerabilities are listed under the Cyber Security Software division.
  • VMSAs for EUC products will continue to be published on www.vmware.com/security/advisories and are not available from the portal.
  • The following VMSAs have not yet migrated to the Support Portal: VMSA-2024-0003, VMSA-2024-0004, VMSA-2024-0005, VMSA-2024-0006, VMSA-2024-0007, and VMSA-2024-0008.
  • Based on customer entitlements and customer settings, the Support Portal will send out notifications to customers that have signed up to receive notifications for new or modified security advisiories. However, at this time, Support Portal is not yet prepared to send out these notifications when a VMware Security Advisory is published or modified.