Came across an issue where vIDM Inventory Sync fails after applying KB 81731, the workaround for CVE-2020-4006.
After the workaround the vIDM configurator page (port 8443) is no longer available or accessible, because we deliberately block it to mitigate the security vulnerability.
CVE-2020-4006 has been determined to affect some releases of Workspace ONE Access, Identity Manager, and Workspace ONE Access Connector. This vulnerability and its impact on VMware products are documented in VMSA-2020-0027. Please review that advisory before continuing, as there may be considerations outside the scope of this document, including permanent fixes.
Affected product versions:
VMware Workspace ONE Access 20.10 (Linux)
VMware Workspace ONE Access 20.01 (Linux)
VMware Identity Manager 3.3.3 (Linux)
VMware Identity Manager 3.3.2 (Linux)
VMware Identity Manager 3.3.1 (Linux)
VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux)
VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows)
VMware Identity Manager Connector 19.03.0.0, 19.03.0.1
According to the KB, the following steps implement the workaround on vIDM.
Implement the workaround for Linux-based vIDM appliances
Use SSH to connect to the appliance using the “sshuser” credentials configured during installation or updated later.
Switch to root by typing su and provide the “root” credentials configured during installation or updated later.
Run the following commands:
cd /opt/vmware/horizon/workspace
mkdir webapps.tmp
mv webapps/cfg webapps.tmp
mv conf/Catalina/localhost/cfg.xml webapps.tmp
service horizon-workspace restart
Repeat these steps for all Linux-based appliances affected by CVE-2020-4006.
The moment this workaround is implemented on vIDM, Inventory Sync of vIDM through vRLCM fails.
For Inventory Sync to work through vRLCM, the workaround has to be reverted as described in the KB.
Revert the workaround for Linux-based appliances
Use SSH to connect to the appliance using the “sshuser” credentials configured during installation or updated later.
Switch to root by typing su and provide the “root” credentials configured during installation or updated later.
Run the following commands:
cd /opt/vmware/horizon/workspace
mv webapps.tmp/cfg webapps
mv webapps.tmp/cfg.xml conf/Catalina/localhost
rmdir webapps.tmp
service horizon-workspace restart
Repeat these steps for all Linux-based appliances affected by CVE-2020-4006.
This issue is fixed in vIDM 3.3.4, which is packaged with vRLCM 8.3 and vRA 8.3.
NOTE: If there are plans to upgrade vIDM, you have to revert the workaround using the steps above.
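The apply and revert steps above are easy to get half-done when they are typed by hand across many appliances (the cfg webapp moved but cfg.xml left behind, or vice versa), which leaves the configurator in an undefined state and still breaks Inventory Sync. As an added example, not part of the KB or VMware's own tooling, the following script checks which state an appliance is in and only applies or reverts from a consistent state; the WS_ROOT and RESTART_CMD variables are assumptions so it can be run against a scratch copy of the directory layout.

```shell
#!/bin/sh
# Added example (not from the KB): reports whether the CVE-2020-4006
# workaround is in place on a vIDM appliance and applies or reverts it
# only from a consistent state, so the /cfg app is never half-moved.
# WS_ROOT defaults to the appliance path used in the KB; override it
# (and RESTART_CMD) to exercise the logic against a scratch directory.
WS_ROOT="${WS_ROOT:-/opt/vmware/horizon/workspace}"
RESTART_CMD="${RESTART_CMD:-service horizon-workspace restart}"

# Prints one of: not-applied, applied, inconsistent
workaround_state() {
    root="${1:-$WS_ROOT}"
    live_app=0; live_ctx=0; parked_app=0; parked_ctx=0
    [ -d "$root/webapps/cfg" ] && live_app=1
    [ -f "$root/conf/Catalina/localhost/cfg.xml" ] && live_ctx=1
    [ -d "$root/webapps.tmp/cfg" ] && parked_app=1
    [ -f "$root/webapps.tmp/cfg.xml" ] && parked_ctx=1
    if [ $live_app -eq 1 ] && [ $live_ctx -eq 1 ] && [ $parked_app -eq 0 ] && [ $parked_ctx -eq 0 ]; then
        echo not-applied
    elif [ $live_app -eq 0 ] && [ $live_ctx -eq 0 ] && [ $parked_app -eq 1 ] && [ $parked_ctx -eq 1 ]; then
        echo applied
    else
        echo inconsistent
    fi
}

# Moves the /cfg webapp and its Tomcat context out of the way (KB steps).
# Refuses to run unless the appliance is cleanly in the not-applied state.
apply_workaround() {
    root="${1:-$WS_ROOT}"
    [ "$(workaround_state "$root")" = not-applied ] || return 1
    mkdir -p "$root/webapps.tmp" &&
    mv "$root/webapps/cfg" "$root/webapps.tmp/" &&
    mv "$root/conf/Catalina/localhost/cfg.xml" "$root/webapps.tmp/" &&
    $RESTART_CMD
}

# Puts /cfg back so vRLCM Inventory Sync works again (KB revert steps).
# Refuses to run unless the workaround is cleanly applied.
revert_workaround() {
    root="${1:-$WS_ROOT}"
    [ "$(workaround_state "$root")" = applied ] || return 1
    mv "$root/webapps.tmp/cfg" "$root/webapps/" &&
    mv "$root/webapps.tmp/cfg.xml" "$root/conf/Catalina/localhost/" &&
    rmdir "$root/webapps.tmp" &&
    $RESTART_CMD
}
```

Running `workaround_state` before an Inventory Sync tells you in one word whether the appliance still has the configurator parked, and an `inconsistent` result is the case to investigate by hand before touching anything else.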