Admin Console iManager tomcat process on Windows runs from system account

  • 7017814
  • 04-Jul-2016
  • 22-Jul-2016


NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
Admin Console running on Windows 2012


Admin Console installed and running on Windows 2012 platform. The iManager environment runs on top of tomcat framework, but has system rights on the hosting Windows Server. This allows an attacker that manages to gain access to the server, to execute system commands. This is a serious security flaw because it may be possible to gain access on other systems after gaining rights to iManager system.


Apply NAM 4.2.2 patch.

To workaround the issue on older systems, change the service account to local user for tomcat process. Follow that up by changing iManager directory permission to local user. Access to iManager will continue to work fine.