Headline
CVE-2022-38758: NetIQ iManager 3.2 Service Pack 6 Release Notes
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user’s browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.
February 2022
NetIQ iManager 3.2 SP6 resolves previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the iManager Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.
For a full list of all issues resolved in NetIQ iManager 3.x, including all patches and service packs, refer to TID 7016795, “History of Issues Resolved in NetIQ iManager 3.x”.
For more information about this release and for the latest release notes, see the iManager Documentation Web site. To download this product, see the Software License and Download portal.
What’s New
System Requirements
Installing or Upgrading
Known Issues
Legal Notice
1.0 What’s New
iManager 3.2 SP6 provides the following enhancements and fixes in this release:
Operating System Support
Updates for Dependent Components
Fixed Issues
1.1 Operating System Support
In addition to the platforms supported in previous releases of iManager, this release adds support for the following:
Red Hat Enterprise Linux (RHEL) 8.5
Windows Server 2022
1.2 Updates for Dependent Components
This release adds support for the following third-party components:
Azul Zulu 1.8.0_312
Apache Tomcat 9.0.55-1
OpenSSL 1.0.2za
Log4j 2.17.1
1.3 Fixed Issues
This release includes the following software fixes that resolve several previous issues:
Resolved Security Vulnerabilities
This version of iManager resolves security vulnerability CVE-2021-38134. Special thanks to Kajetan Rostojek for responsibly disclosing the information about CVE-2022-38758 to us.
Occasional Delay When Loading Pages on the iManager User Interface After Upgrading to iManager 3.2.5
Fix: With the latest version of Tomcat 9.0.55-1 bundled with iManager 3.2.6, there is no longer any delay while loading the pages on the iManager User Interface.(Defect 440043)
Connection Timeout Issue Seen When Modifying Directory Objects or Using Plug-Ins
Fix: With the latest version of Tomcat 9.0.55-1 bundled with iManager 3.2.6, there is no longer any delay while navigating the pages or browsing objects on the iManager User Interface. (Defect 448035)
2.0 System Requirements
For information about prerequisites, computer requirements, installation, upgrade or migration, see Planning to Install iManager in the NetIQ iManager Installation Guide.
_NOTE:_iManager uses the modified version of XULRunner on Windows. The source code for the modified XULRunner is available under the Mozilla Public License version 2.0. If you need further assistance with any issue, contact Technical Support.
3.0 Installing or Upgrading
To upgrade to iManager 3.2 SP6, you need to be on iManager 2.7.7 P11 or higher.
For more information on upgrading to iManager 3.2 SP6, see the NetIQ iManager Installation Guide.
IMPORTANT:
This version of iManager supports only eDirectory 9.2.6 or above when both are installed on the same machine. If you are upgrading iManager 2.7.7 P11 to 3.2 SP6, ensure that your eDirectory is also upgraded to 9.2.6 before upgrading iManager.
When you install or upgrade to iManager 3.2 SP6, a new imanager_logging.xml file is created that includes the latest log4j 2.17.1 capabilities. During the upgrade process, the existing imanager_logging.xml file is replaced with a new one. As a result, the previous audit settings are lost. To allow auditing for iManager events, you must configure the audit settings again in the new imanager_logging.xml file after the upgrade. Make sure to take a backup of the existing file in a different location before performing the upgrade. For more information, see Auditing iManager Events in the NetIQ iManager Administration Guide.
4.0 Known Issues
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in the NetIQ iManager 3.2 SP5 Release Notes. If you need further assistance with any issue, please contact Technical Support.
4.1 iManager Workstation Does Not Work on SLED 12 SP3, SLED 15, OpenSUSE Leap 42.3, OpenSUSE 13.2, and Onward
Workaround: To workaround this issue, launch iManager using the iManager.sh command and access the workstation through another browser via the URL: http://localhost:8080/nps. The port number can differ. You can find the port number in the iManager.log file located at <extracted_directory>/imanager/bin/iManager.log location.
5.0 Legal Notice
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2022 NetIQ Corporation, a Micro Focus company. All Rights Reserved.