Description

A security vulnerability causes the connection between VEA servers and clients to fail. This issue occurs when JRE is upgraded to a version later than 1.8.0_181 on a system where InfoScale 7.4.1 or 7.4.2 installed.

Solution

The following patches address the issue by fixing the vulnerability in VEA:

• Patch_7_4_10008_0_4022624 for InfoScale 7.4.1
• Patch_7_4_20002_0_4022627 for InfoScale 7.4.2

To install the patch

1. Close the VEA GUI.
2. Back up the existing JRE version folder located at %VIP_PATH%\jre.
3. Copy the new JRE version folder at the %VIP_PATH% location.
4. Download the applicable patch from:
   • Patch_7_4_10008_0_4022624
     https://downloads.infoscale.com/ 
   • Patch_7_4_20002_0_4022627
     https://downloads.infoscale.com/
5. Install the patch on the InfoScale server.
6. Open the VEA GUI and connect to server.

To uninstall the patch

1. Close the VEA GUI.
2. Restore the default JRE version (1.8.0_181) folder located at %VIP_PATH%\jre.
3. If UAC is enabled, run the program or commands in the Run as administrator mode even if the logged-on user belongs to the local administrators group. Alternatively, log on as a domain administrator to perform the tasks.
4. Open the VEA GUI and connect to server.

Upgrading JRE (32 bit) version on the InfoScale server when the patch is already installed

1. Close the VEA GUI.
2. Back up the existing JRE version folder located at %VIP_PATH%\jre.
3. Copy the new JRE (32 bit) version folder at the %VIP_PATH% location.
4. Open the command prompt, and navigate to the following location:
   C:\Program Files\Veritas\VERITAS Object Bus\jre\bin
5. Run the following command:
   In an administrator command prompt, run the posthotfixactivity.bat from the extracted WxRT patch location for Patch_7_4_10008_0_4022624 or Patch_7_4_20002_0_4022627.
   
   This is some of the details that are run in the posthotfixactivity.bat command.  This can be run as an alterative to the running the posthotfixactivity.bat command.
   keytool -import -file "certFilePathName" -alias certAlias -keystore "certLocation"
   where, certFilePathName indicates the certificate file name including the path, certAlias indicates the alias for the certificate, and certLocation indicates the location of the file.
   For example:
   keytool -import -file "%VIP_PATH%\VxVMCERT.pem" -alias VeritasCA -keystore "C:\Program Files\Veritas\VERITAS Object Bus\jre\lib\security\cacerts"
    
6. Open the VEA GUI and connect to the VEA server.

Additional considerations

If you are upgrading JRE to a version later than JRE 1.8.251, then you must also install the latest Microsoft Visual C++ Redistributable for Visual Studio 2015, 2017 and 2019 x86 redistributable package on the InfoScale systems.

The VEA GUI may fail to launch if the latest Visual C++ Redistributable packages are not installed.

Refer to the following for more details:

• JAVA 1.8.261 Release notes: https://www.oracle.com/java/technologies/javase/8u261-relnotes.html
• x86 Visual C++ redistributable download: http://support.microsoft.com/kb/2019667

Supported InfoScale version

7.4.1, 7.4.2

Supported JRE versions

Later than 1.8.0_181 through 1.8.0_251.

Limitations

• This patch does not apply to the VEA client that are available for download at:
  • 7.4.1: https://downloads.infoscale.com/ 
  • 7.4.2: https://downloads.infoscale.com/ 
• In case of InfoScale 7.4.2, you must manually upgrade JRE (32 bit) version again if you have upgraded from InfoScale 7.4.1 after upgrading JRE to a version later than 1.8.0_181. Then, apply Patch_7_4_20001_0_4013988.
• When you upgrade JRE for the first time, you must install this patch. For each JRE upgrade after the first one, you need to uninstall the patch then install it again.

Connections between VEA server and clients fail when JRE is upgraded on an InfoScale system