This document outlines how you can apply this hotfix. This hotfix includes the fix for CVE-2020-25839, addressing a potential SQL injection attack. Special thanks go to Norbert Klasen for responsibly disclosing this issue to us.
You must be on Identity Manager 4.7.4 at a minimum to apply this hotfix.
IMPORTANT: In a cluster setup, ensure that you install the hotfix on each node of the Identity Applications cluster.
Stop the Tomcat service running on your Identity Applications server by running the following command:
systemctl stop netiq-tomcat.service
Back up the IDMProv.war file from the /opt/netiq/idm/apps/tomcat/webapps location.
Delete the following from the /opt/netiq/idm/apps/tomcat/webapps directory:
IDMProv.war
IDMProv directory
Download and extract the IDM47-APPS-SP4_HF3.zip file from the download site.
Locate the IDMProv.war file in the extracted file and copy it to the <Tomcat-installed-location>/webapps directory.
Run the following commands to set the execute permissions and user rights for the replaced war file:
chmod +x IDMProv.war
chown -R novlua:novlua IDMProv.war
Delete all the directories and files from the <Tomcat-installed-location>/temp and <Tomcat-installed-location>/work directories.
Start the Tomcat service on your Identity Applications server by running the following command:
systemctl start netiq-tomcat.service
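The Linux file-replacement steps above, wrapped in a function that refuses to run while Tomcat is still up and confirms the new WAR is in place before you restart the service. This is an added example, not NetIQ's own script; the function name, its argument order and the default backup directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not part of the vendor hotfix). Run it between the
# "systemctl stop" and "systemctl start" steps, once on every cluster node.
# Usage: apply_idmprov_hotfix <new IDMProv.war> [tomcat home] [backup dir]
apply_idmprov_hotfix() {
    local new_war="$1"
    local tomcat_home="${2:-/opt/netiq/idm/apps/tomcat}"   # path from the page
    local backup_dir="${3:-$tomcat_home/hotfix-backup}"    # assumed location
    local webapps="$tomcat_home/webapps" d

    [ -f "$new_war" ] || { echo "new WAR not found: $new_war" >&2; return 1; }
    [ -f "$webapps/IDMProv.war" ] || { echo "no IDMProv.war in $webapps" >&2; return 1; }

    # Replacing files under a running Tomcat can leave a half-deployed app.
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet netiq-tomcat.service; then
        echo "netiq-tomcat.service is still running; stop it first" >&2
        return 1
    fi

    # Keep the backup outside webapps so Tomcat never deploys the old copy.
    mkdir -p "$backup_dir" || return 1
    cp -p "$webapps/IDMProv.war" \
          "$backup_dir/IDMProv.war.$(date +%Y%m%d%H%M%S)" || return 1

    # Remove the old archive and its exploded directory, then install the new one.
    rm -rf "$webapps/IDMProv.war" "$webapps/IDMProv"
    cp "$new_war" "$webapps/IDMProv.war" || return 1
    chmod +x "$webapps/IDMProv.war"
    # chown needs root and the novlua account; skipped when either is missing.
    if [ "$(id -u)" -eq 0 ] && id novlua >/dev/null 2>&1; then
        chown -R novlua:novlua "$webapps/IDMProv.war"
    fi

    # Clear cached classes and compiled JSPs left over from the old version.
    for d in temp work; do
        if [ -d "$tomcat_home/$d" ]; then
            find "$tomcat_home/$d" -mindepth 1 -delete
        fi
    done

    # Succeed only if the deployed file is byte-identical to the hotfix WAR.
    cmp -s "$new_war" "$webapps/IDMProv.war"
}
```

A non-zero return means the node should not be restarted until the reported problem is fixed; the timestamped copy in the backup directory is the rollback file.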
From the Windows services, stop the IDM Apps Tomcat Service running on your Identity Applications server.
Back up the IDMProv.war file from the <Tomcat-installed-location>\webapps\ folder.
Delete the following from the <Tomcat-installed-location>\webapps\ folder:
IDMProv.war
IDMProv directory
Download and extract the IDM47-APPS-SP4_HF3.zip file from the download site.
Locate the IDMProv.war file in the extracted file and copy it to the <Tomcat-installed-location>\webapps\ folder.
Delete all the files and folders from the <Tomcat-installed-location>\temp and <Tomcat-installed-location>\work folders.
From the Windows services, start the IDM Apps Tomcat Service on your Identity Applications server.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in NetIQ Identity Manager 4.7 Service Pack 4 Release Notes. If you need further assistance with any issue, please contact Technical Support.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
© 2020 NetIQ Corporation. All Rights Reserved.