Menu
September 10, 2020
Who is affected?
Select iManage Work desktop and server applications.
iManage announced a newly discovered security vulnerability that affects on-premises customers running any version prior to 10.3. The best way to address this vulnerability is to upgrade the backend Work server to 10.3, but iManage also outlines some temporary mitigation steps. Please let us know if you would like to discuss. We are here to help.
This issue is specific to Work Server and its use of the RPC protocol for communication with select iManage Work desktop and server applications and affects all 8.x, 9.x, and 10.x Work Server versions except for versions 10.2.2.259 and 10.3.1.336. Versions 10.2.2.259 and 10.3.1.336 contain the fix for this issue.
NB, iManage is providing frequent updates, contact us for the latest.
Disable the Work Anywhere access endpoint on Work Server by setting the Hosted DM Enabled registry setting to a value of N.
Implement IP whitelisting to limit access to your iManage Work environment based on trusted IP addresses or IP address ranges.
