NetIQ iManager 3.2 Service Pack 6 Patch 3 Hotfix 1 (3.2.6.0301) resolves specific previous issues. This document outlines how you can install this patch.
For a full list of all issues resolved in NetIQ iManager 3.x, including all patches and service packs, refer to TID 7016795, “History of Issues Resolved in NetIQ iManager 3.x”.
This release includes the following fixes in this release:
This release includes software fixes for the following components:
This version of iManager resolves the following PSVs:
CVE-2024-3488
CVE-2024-3487
CVE-2024-3486
CVE-2024-3485
CVE-2024-3484
CVE-2024-3483
Special thanks to Blaine Herro (Yahoo! Inc. VRT) for responsibly disclosing the information about Arbitrary File Upload, Request Forgery, Remote Code Execution, XXE Attack, SSRF Attack and Path Traversal attack with the above CVEs to us.
You can either freshly install iManager 3.2.6.0301 or upgrade from iManager 3.2.x to iManager 3.2.6.0301. For more information on installation and upgrading to iManager 3.2.6.0300, see the NetIQ iManager Installation Guide.
IMPORTANT:
iManager 3.2.6.0301 is not supported with eDirectory 9.2.8 (or later) if both are installed on the same machine.
We do not recommend installing or upgrading iManager to version 3.2.6.0301 on Identity Manager Engine 4.8.6. If you do, you might encounter the java.lang.NoClassDefFoundError: Could not initialize class novel.jclient.JCContext error. To fix the issue, follow the steps in this troubleshooting tip.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2024 NetIQ Corporation, a OpenText company. All Rights Reserved.