This is a known issue. Please see the below workaround if you are affected by this vulnerability.Workaround:
- Using a file transfer utility, like WinSCP, copy the /opt/vmware/vcf/lcm/lcm-tools directory on the VMware SDDC Manager VM to a computer with internet access.
- Edit the lcm.depot.adapter.remote.index.filename property in the /lcm-tools/conf/application-prod.properties file from "index.v3" to "index.offline".
Example:
lcm.depot.adapter.remote.index.filename=index.offline
- To download the vCenter Server bundle (bundle-22962), the tool needs to be run with bundle specific ID. Open a command prompt on the internet facing machine and run the following command:
./lcm-bundle-transfer-util --download --outputDirectory <Output-dir> --depotUser 'Customer [email protected]' --bundle bundle-22962
- Open an SSH session to the SDDC Manager VM and change to the root user:
su -
- Create a directory on the SDDC Manager:
mkdir /nfs/vmware/vcf/nfs-mount/VC-67
- Once the bundle is downloaded, copy the update bundle directory from the external computer to the SDDC Manager VM in the /nfs/vmware/vcf/nfs-mount/VC-67 directory.
- In the SDDC Manager VM, change the ownership and permissions of the uploaded bundles.
chmod -R 0777 /nfs/vmware/vcf/nfs-mount/VC-67
chown -R vcf_lcm:vcf /nfs/vmware/vcf/nfs-mount/VC-67
- In the SDDC Manager SSH session, upload the bundle file to the internal LCM repository
cd /opt/vmware/vcf/lcm/lcm-tools/bin
./lcm-bundle-transfer-util -upload -bundleDirectory /nfs/vmware/vcf/nfs-mount/VC-67/ --bundle bundle-22962
- The vCenter Server Update bundle should now be available with the SDDC Manager UI, Proceed with applying the vCenter patch bundle.