This article provides important information for upgrading the Photon OS libraries to fix security vulnerabilities.
List of affected version
Product Component |
Version(s) |
Applicable CVE(s) |
VMware Identity Manager Appliance |
CVE-2024-36971,CVE-2023-31130 CVE-2023-32067, CVE-2023-31147 CVE-2023-20867, CVE-2023-48795 CVE-2023-51384, CVE-2023-51385 CVE-2019-18276, CVE-2023-31486 CVE-2023-2953, CVE-2023-31124 CVE-2023-38039, CVE-2023-34058 CVE-2023-34059, CVE-2023-29499 CVE-2023-32611, CVE-2023-32636 CVE-2023-32643, CVE-2023-32665 CVE-2023-7104, CVE-2023-42465 CVE-2023-4408, CVE-2023-50387 CVE-2023-50868, CVE-2023-5517 CVE-2023-5679, CVE-2023-6516 CVE-2024-33600, CVE-2024-33601 CVE-2024-33602, CVE-2024-0743 CVE-2024-38428, CVE-2024-34459 CVE-2024-37370, CVE-2024-37371 CVE-2024-44987, CVE-2024-44998 CVE-2024-44999, CVE-2024-46673 CVE-2024-46674, CVE-2023-6597 CVE-2024-45490, CVE-2024-45491 CVE-2024-45492,CVE-2022-45934 CVE-2024-1086, CVE-2024-0607 CVE-2022-41218, CVE-2022-3628 CVE-2023-0458, CVE-2022-36280 CVE-2022-3424, CVE-2023-0266 CVE-2023-28328, CVE-2022-47929 CVE-2023-0394, CVE-2023-23455 CVE-2023-0461, CVE-2023-2952 CVE-2019-17026, CVE-2020-15656 CVE-2021-29984 |
VMware Identity Manager 3.3.x
Example:
unzip CSP-97727-Appliance-3.3.7.zip -d CSP-97727-Appliance-3.3.7
cd CSP-97727-Appliance-3.3.7
./CSP-97727-applyPatch.sh
Note: If you are running a cluster deployment, repeat the steps above on all additional nodes of the cluster.
After the patch deployment, perform the below steps to confirm the patch has been applied successfully
/usr/local/horizon/conf/flags
directory.https://<vidm-hostname>:8443
Note:
To revert this patch, you can revert to the appliance(s) snapshot and the database backup taken before applying these steps.