Yesterday, iManage announced a new critical data exfiltration security vulnerability in their on-premises iManage Work Server builds. All Work Server versions 9.4, 9.5, and 10.x versions are vulnerable. However, if you are not running 10.2.2.260 or later, iManage does strongly recommend upgrading to at least this build to resolve previous known vulnerabilities.
The following steps can be performed to remediate the vulnerability:
- Sign in as an administrator to the server running Work Server.
- Download the allow_list_patch.zip file from the end of this advisory and extract the contents.
- Copy _iman_allow.conf the extracted archive into the appropriate directory based on your Work Server version.
- Restart Work Server to apply the new configuration.
- Repeat Steps 1–4 for each Work Server in your on-premises environment.
The allow_list_patch.zip file is available for download from the Advisory Bulletin on the iManage Help Center.
Please contact Kraft Kennedy if you need assistance..