Vulnerability in DOMPurify in One Identity Manager 8.2.x and 9.x local HTML5 documentation. How does this affect me? When installing the Identity Manager Client Tools, there is an option to install a local HTML copy of the product documentation on the target server. The install is also done by default on servers hosting Identity Manager Web Applications. This documentation was created using 3rd party software where recently a vulnerability in component DOMPurify version 1.0.11 has been detected. Resolution Version specific Hotfixes have been created to address this issue. A transport package is provided to install the hotfix. It is recommended all customers on versions 8.2.x and above install the hotfixes on any servers hosting Identity Manager Web Applications, or that have the optional documentation installed. For more information and to download the hotfix, please see KB 4374509. This issue will be resolved in all future releases. We apologize for the inconvenience this issue may have caused. |
---|
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center