Certain releases of Workspace ONE Access, Identity Manager, and Workspace One Access Adapter have been determined to impact CVE-2020-4006. In VMSA-2020-0027, this vulnerability and its effect on VMware products are reported. Before proceeding.
Tuesday, November 24, 2020, 08:55 GMT
Affected Product versions:
- VMware Workspace One Access 20.10 (Linux)
- VMware Workspace One Access 20.01 (Linux)
- VMware Identity Manager 3.3.3 (Linux)
- VMware Identity Manager 3.3.2 (Linux)
- VMware Identity Manager 3.3.1 (Linux)
- VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux)
- VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows)
This workaround refers ONLY to VMware Workspace One Entry, VMware Identity Manager and Connector of VMware Identity Manager. Do not extend this solution to other products from VMware.
Impacts in Features
For the configurator hosted on port 8443, this workaround is important. Impacts are confined to the features offered by this service. Changes to configurator-managed configurations won’t be possible when the fix is in place. Please revert the workaround following the instructions below if adjustments are needed, make the required changes, and deactivate again before updates are available. Furthermore, it will not view any of the device diagnostics dashboard.
To implement the workaround for CVE-2020-4006 perform the following steps below. Please note the product operating system.
1. Implement workaround for Linux based appliances
- Use SSH to connect to appliance using “sshuser” credentials configured during installation or updated later.
- Switch to root by typing su and provide “root” credentials configured during installation or updated later.
- Run the following commands:
mv webapps/cfg webapps.tmp
mv conf/Catalina/localhost/cfg.xml webapps.tmp
service horizon-workspace restart
Repeat steps for all Linux based appliances affected by CVE-2020-4006.
2. Implement workaround for Windows based servers
- Log in as Administrator.
- Open a Command Prompt window and run the following commands:
net stop “VMwareIDMConnector”
move webapps\cfg webappstmp
move conf\Catalina\localhost\cfg.xml webappstmp
net start “VMwareIDMConnector”
Repeat steps for all Windows based servers affected by CVE-2020-4006.