A security vulnerability was discovered in one of the authentication components that may be used to access Identity Manager called “Redistributable STS” (RST). This could allow an attacker to gain unauthorized access to the system.
How does this affect me?
One Identity Recommends that customers install the security fix for One Identity Manager 8.1.x and 8.2.x versions.
A security fix has been released for One Identity Manager versions 8.1.x and 8.2.x, available here.
Note: The updated versions of this fix will also be included in the upcoming releases and service packs beginning with versions 8.1.6 and 8.2.1.
The following is a list of things updated in this hotfix.
To install this hotfix
Extract the content of the provided file here..
Replace the content of the folder “Modules\QBM\\\Redistributable STS” of your One Identity Manager installation source with the binaries provided with this hotfix.
Uninstall your installation of the redistributable STS.
Reinstall the redistributable STS using the new binaries.
Verify the correct version
Check the version of the newly installed rsts.exe. The expected file version is ”2022.3.30.0”.