iManage ADVISORY:
RPC security vulnerability in on-premises iManage Work Server

September 10, 2020

Cornerstone.IT Gold Microsoft Partner

Connect with us at www.Cornerstone.IT/contact for the latest updates.

Who is affected?
Select iManage Work desktop and server applications.

by Vidit Desai

iManage announced a newly discovered security vulnerability that affects on-premises customers running any version prior to 10.3. The best way to address this vulnerability is to upgrade the backend Work server to 10.3, but iManage also outlines some temporary mitigation steps. Please let us know if you would like to discuss. We are here to help.

This issue is specific to Work Server and its use of the RPC protocol for communication with select iManage Work desktop and server applications. It affects all 8.x, 9.x, and 10.x Work Server versions except for versions 10.2.2.259 and 10.3.1.336, which contain the fix for this issue.

NB: iManage is providing frequent updates; contact us for the latest.

Summary of Mitigation Steps

Step 1

  • Work 10 client: Disable RPC access to Work Server by blocking the designated RPC port and restricting network traffic with firewall rules.
  • Classic clients (FileSite/DeskSite): Blocking the Work Server RPC port blocks connections for classic Work application clients. Consider the recommendation to implement IP whitelisting as an alternative option.

Step 2

Disable the Work Anywhere access endpoint on Work Server by setting the Hosted DM Enabled registry setting to a value of N.

Alternative Step

Implement IP whitelisting to limit access to your iManage Work environment based on trusted IP addresses or IP address ranges.
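One way to apply the port restriction and IP whitelisting described above, as an added example that is not iManage's or Cornerstone.IT's own script. It assumes Windows Defender Firewall on the Work Server host; the RPC port and the trusted addresses are parameters because this advisory does not state them, and the rule name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: limit the Work Server RPC port to trusted source addresses.
param(
    # Assumption: port number comes from iManage's advisory, not from this page.
    [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$RpcPort,
    # Assumption: trusted client IPs or CIDR ranges for your environment.
    [Parameter(Mandatory)][string[]]$TrustedAddresses
)

$ruleName = 'Work Server RPC - trusted sources only'   # hypothetical name

# Whitelisting relies on default-deny: every profile must be enabled and
# must not default to allowing inbound traffic.
$weak = Get-NetFirewallProfile |
    Where-Object { $_.Enabled -eq 'False' -or $_.DefaultInboundAction -eq 'Allow' }
if ($weak) {
    Write-Warning "Profiles without default-deny inbound: $($weak.Name -join ', ')"
    return
}

# A scoped allow rule does nothing if a broader allow rule already opens the
# port. Port ranges and any-port program rules are not matched here and need
# manual review.
$broader = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains "$RpcPort" } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
        $_.Enabled -eq 'True' -and $_.DisplayName -ne $ruleName
    }
if ($broader) {
    $broader | Format-Table DisplayName, Profile, Enabled -AutoSize
    Write-Warning 'Scope or disable the rules above first, then re-run.'
    return
}

# Do not pair this with a blanket block rule on the same port: in Windows
# Defender Firewall an explicit block overrides any allow, which would also
# cut off the trusted clients.
New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
    -LocalPort $RpcPort -RemoteAddress $TrustedAddresses `
    -Action Allow -Profile Any | Out-Null

Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

To confirm the result, run `Test-NetConnection` with `-Port` against the server from one trusted and one untrusted client; only the trusted client should connect.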
