Critical Advisory: Update required to address iManage Work Server security vulnerability
27 June 2019
This notice applies to iManage Work on-premises environments running iManage Work Server version 9.5 R2 through to 10.2.0.x.
iManage performs security testing as part of their standard quality assurance process. This vulnerability was identified during their most recent round of testing, prompting immediate actions to identify the root cause and to initiate a remediation plan for all affected iManage customers. The impacted versions of iManage Work Server are installed in on-premises environments.
This vulnerability requires the IMMEDIATE application of an update, or upgrade to the latest release, to avoid a potential breach.
iManage has done the following:
Removed all affected iManage Work Server installation packages from Help Center.
Released a security patch update for some of the versions of iManage Work Server affected by this issue (9.5 R2 through to 10.1.3). NOTE: The security patch update will stop and restart the iManage Work Server service.
Released a new build of iManage Work Server 10.2.0 (10.2.0.186) that contains the required security update. The new build is available on the iManage Work Server 10.x release page.
What do I do?
Delete existing copies of affected iManage Work Server installations and ensure that you do not use any previously downloaded installation packages in your environment including development, testing, and production environments
Contact OIA for assistance in applying the patch update or upgrading to the latest build (depending on the current environment
To review the complete updated advisory, please click here
Please note: This software patch is covered under your iManage maintenance however installation will be charged on a time and materials basis. If you currently have a premium support agreement (PSA) in place with us installation will be covered. To find out more about this service please contact your account manager or OIA support.