NetIQ iManager 3.2 Service Pack 6 Patch 3 HotFix 1 Release Notes

April 2024

NetIQ iManager 3.2 Service Pack 6 Patch 3 Hotfix 1 (3.2.6.0301) resolves specific previous issues. This document outlines how you can install this patch.

For a full list of all issues resolved in NetIQ iManager 3.x, including all patches and service packs, refer to TID 7016795, “History of Issues Resolved in NetIQ iManager 3.x”.

1.0 What’s New

This release includes the following fixes in this release:

1.1 Fixed Issues

This release includes software fixes for the following components:

Resolved Security Vulnerabilities

This version of iManager resolves the following PSVs: 

  • CVE-2024-3488

  • CVE-2024-3487

  • CVE-2024-3486

  • CVE-2024-3485

  • CVE-2024-3484

  • CVE-2024-3483

  • CVE-2024-3969

Special thanks to Blaine Herro (Yahoo! Inc. VRT) for responsibly disclosing the information about Arbitrary File Upload, Request Forgery, Remote Code Execution, XXE Attack, SSRF Attack and Path Traversal attack with the above CVEs to us.

2.0 Installing or Upgrading

You can either freshly install iManager 3.2.6.0301 or upgrade from iManager 3.2.x to iManager 3.2.6.0301. For more information on installation and upgrading to iManager 3.2.6.0300, see the NetIQ iManager Installation Guide.

IMPORTANT:

  • iManager 3.2.6.0301 is not supported with eDirectory 9.2.8 (or later) if both are installed on the same machine.

  • We do not recommend installing or upgrading iManager to version 3.2.6.0301 on Identity Manager Engine 4.8.6. If you do, you might encounter the java.lang.NoClassDefFoundError: Could not initialize class novel.jclient.JCContext error. To fix the issue, follow the steps in this troubleshooting tip.