Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-26329: Software Fixes - NetIQ Identity Manager 4.8 Service Pack 5 Release Notes

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.

CVE
#vulnerability#js#perl#ssl

NetIQ Identity Manager includes software fixes that resolve several previous issues in the Identity Applications:

Ability to Map a Static Resource to a Role Successfully

Mapping a static resource with administrator-assigned values to a role works as expected. Identity Applications no longer return a null pointer exception. (Bug 317258)

Activity.getUser() Expression Used to Map Data Items in an Approval Activity Works as Expected

Identity Applications successfully evaluates the Activity.getUser() expression in an approval activity and moves the form data into the target flowdata field, without logging error or failure messages in the catalina.out event logs. (Bug 381158)

Request to the getWorkEntriesRequest SOAP API Return Work Details for All Addressees in the Query

The getWorkEntriesRequest SOAP Endpoint has been updated to handle the request and returns the appropriate responses for all addressees, even if work entries for one or more addressees are missing or an addressee’s Fully Qualified Distinguished Name (FQDN) does not exist. (Bug 438023 and 438024)

Workflows with Legacy Forms Loading Properly

With the latest version of Tomcat 9.0.55-1 bundled with Identity Manager 4.8.5, there is no longer any delay while loading workflows with legacy forms on the Identity Applications Dashboard. (Bug 450031)

Roles and Resource Names with a Colon Sign is Now Correctly Listed in the Search Results

Dashboard now takes the colon sign into account when searching for entities such as roles, resources, and permissions, and displays the search results correctly. (Bug 328633)

Identity Applications No Longer Takes Time to Retrieve the Client Configurations of a Logged-in User

Identity Applications promptly retrieves the client configurations of a logged-in user via the users/userDefaults REST API, even if a custom groupMembership attribute is added to the user entity.(Bug 329642)

Identity Applications Validates and Loads the Extended Session Based on the User Credentials

When a Dashboard session is extended with a different credential, the previous session is closed, and a new session based on the new user credentials is launched.(Bug 367148)

Request to the getWorkEntriesRequest SOAP Endpoint Return Work Details Without Errors

The getWorkEntriesRequest SOAP endpoint has been updated to successfully return the work details in response to a query with an array of addressees.(Bug 379272)

Slow Loading of the Dashboard and Applications Pages Is Now Fixed

After upgrading to Identity Manager 4.8.5, the and pages load seamlessly (without a delay), regardless of the number of applications assigned to a user. (Bug 383012)

Resource Assignments Search Functionality Return Accurate Search Results

The search functionality is updated to search all resource assignments in the application and provide accurate search results based on the search criteria. (Bug 328314)

Ability to Send an Image in the Email Notification Works as Expected

When an email server is configured to use SMTP TLS for secure transmission, the attached or embedded image in the email is displayed successfully. (Bug 348018)

Identity Applications Checks the Entity Type in IDVault.get() Function to Retrieve an Entity’s Attribute Values Correctly

When using the IDVault.get() function in a new JSON form, Identity Applications will validate the entity type in the same way that they did in legacy forms. (Bug 360020)

Role Assignments Search Functionality Return Accurate Search Results

The search functionality is updated to search all role assignments in the application and provide accurate search results based on the search criteria. (Bug 405005)

Dashboard Creates Resources for Administrator-Defined Entitlements Correctly

When creating a resource for an administrator-defined entitlement type, Dashboard displays the text box correctly. Identity Applications then creates an eDirectory resource object with appropriate values for all resource attributes. (Bug 328129)

Users Can be Seamlessly Migrated From One Organization Unit to Another With No Errors

The migration of users from one organization unit to another is working as expected. Users can perform their tasks successfully after the migration. Identity Applications no longer display errors in the catalina.out event logs. (Bug 340041)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907