HW-170932 - Patch instructions to address CVE-2023-20884 in Workspace ONE Access (VMware Identity Manager)

Article ID: 369609


Products

VMware Aria Suite

Issue/Introduction

Patch Superseded

This patch (HW-170932) has been superseded and is no longer available. Please install the latest cumulative update, CSP-102092, by following the instructions in KB 412021.

Vulnerabilities Addressed by This (Superseded) Patch

This article provides information on a previous patch (HW-170932) that addressed the vulnerability documented in VMSA-2023-0011.


Impacted Product Suites

This patch was applicable to VMware Identity Manager instances deployed within the following environments:

  • VMware Aria Suite Lifecycle (vRSLCM) 8.x
  • VMware Cloud Foundation (VCF) 4.x

Affected Versions

| Product Component | Version(s) | Applicable CVE(s) |
|---|---|---|
| VMware Workspace ONE Access Appliance | 22.09.1.0 | CVE-2023-20884 |
| VMware Identity Manager Appliance | 3.3.7 | CVE-2023-20884 |

Additional Information

This patch also included an updated connector (HW-170932-Connector-3.3.7.zip) which added support for Active Directory domain controllers on Windows Server 2022 and included a fix for RADIUS authentication issues.

Environment

VMware Identity Manager 3.3.7

Resolution

Install the patch relevant to your version of WS1 Access from the table below to address the vulnerabilities noted in this document. No workaround is available for these vulnerabilities.

Before You Begin:

  • It is recommended to upgrade instances of unsupported versions to a newer supported version before applying the patch. This procedure will not work for unsupported versions. Please refer to the Product Lifecycle for the list of supported versions of the product.

  • It is strongly recommended to take a snapshot or backup of the Appliance(s) and the database server before applying the procedure.

  • Download the patches:

| Product Component | Version(s) |
|---|---|
| VMware Workspace ONE Access Appliance | 22.09.1.0 |
| VMware Identity Manager Appliance | 3.3.7 |

NOTE:

  • The patch can be deployed independently and will not require all appliances to be offline at the same time. Therefore, the deployment of the patch can be accomplished in a rolling fashion without taking the entire Workspace ONE Access environment offline.

  • This patch can be applied to the appliance regardless of any previous patches applied to the appliance and will not impact the installation.

  • If you are running a cluster deployment, repeat the deployment steps on each additional node of the cluster.

  • To revert this patch, you can revert to the appliance(s) snapshot and the database backup taken before applying these steps.

Patch Deployment Procedure:

  1. Log in as sshuser, then sudo to root-level access.
  2. Download and transfer HW-170932-Appliance-<Version>.zip to the virtual appliance. This zip file can be saved anywhere on the file system. VMware by Broadcom recommends using the SCP protocol to transfer the file to the appliance. Tools such as WinSCP can also be used to transfer the file to the appliance.
  3. Unzip the file using the command below.

unzip HW-170932-Appliance-<Version>.zip

  4. Navigate to the files within the unzipped folder using the command below.

cd HW-170932-Appliance-<Version>

  5. Run the patch script using the command below:

./HW-170932-applyPatch.sh

Patch Deployment Validations:

  1. Log in as an Administrator to the Workspace ONE Access Console and verify that the System Diagnostics page is green.

  2. If the patch was applied successfully, a flag file named HW-170932-<version-number>-hotfix.applied (for example, HW-170932-22.09.1.0-hotfix.applied) is created in the /usr/local/horizon/conf/flags directory.
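
The flag-file check in step 2 can be scripted so that every cluster node is audited the same way. The following is an added example, not part of the original article or of VMware's patch tooling; the function name, the status strings and the version-mismatch report are assumptions of this example, while the directory and flag naming come from the step above.

```shell
#!/bin/sh
# Added example: audit an appliance node for the HW-170932 hotfix flag.
# Flag directory and file naming are taken from the article; hotfix_status
# and its output strings are hypothetical names used for illustration.

FLAGS_DIR_DEFAULT=/usr/local/horizon/conf/flags
PATCH_ID=HW-170932

# hotfix_status <expected-version> [flags-dir]
# Prints: applied | mismatch:<found-version> | missing | no-flags-dir
# Returns 0 only when the flag for the expected version is present.
hotfix_status() {
    expected=$1
    dir=${2:-$FLAGS_DIR_DEFAULT}

    if [ ! -d "$dir" ]; then
        echo "no-flags-dir"
        return 2
    fi

    if [ -e "$dir/$PATCH_ID-$expected-hotfix.applied" ]; then
        echo "applied"
        return 0
    fi

    # A flag for a different version means the wrong zip was applied or the
    # wrong version was passed in; report it instead of a plain "missing".
    for f in "$dir/$PATCH_ID"-*-hotfix.applied; do
        [ -e "$f" ] || continue        # glob matched nothing
        name=${f##*/}                  # strip directory
        found=${name#"$PATCH_ID"-}     # strip "HW-170932-"
        found=${found%-hotfix.applied} # strip suffix, leaving the version
        echo "mismatch:$found"
        return 1
    done

    echo "missing"
    return 1
}
```

Source the file on each node of the cluster and call `hotfix_status 22.09.1.0` or `hotfix_status 3.3.7`; a non-zero exit status marks a node that still needs the deployment steps.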


NOTE:

If you're encountering a certificate authentication login issue with version 22.09.1.0, please download the HW-182351-Appliance-22.09.1.0.zip file and follow the instructions in the included README to apply the patch.

Change Log:

15th Jun 2023: Added note to download additional patch for cert auth login issue