Mitigation instructions available
The iManage Security team identified a vulnerability affecting on-premises versions of iManage products.
If not mitigated, potential remote exploits to an Apache component called Log4J can be executed by a malicious attacker. This vulnerability is known worldwide as CVE-2021-44228.
On-premises customers running any of the following products:
IMPORTANT NOTE – NOT AFFECTED:
To remediate the Apache Log4j security vulnerability in your on-premises environment, we highlighted mitigation tasks for the affected iManage component:
iManage Work Indexer powered by IDOL 10.3.0.26 and later — verify & update Log4j version
iManage Work Indexer powered by RAVN 10.3.x — update
solr.in.cmd configuration file
iManage Records Manager 10.3.x and later — update
programinit.properties configuration file
iManage Security Policy Manager — update
spm-agent-service-irm.xml configuration file
iManage Threat Manager — update docker-compose_v10.yaml docker-compose file
Contact Cornerstone.IT to help mitigate this vulnerability.