iManager 3.0.1
Identity Manager iManager Plug-ins
Identity Manager 4.5
Penetration tests were executed against the Identity Manager Plug-in, hosted on iManager 220.127.116.11. Some XML External Entity (XXE) vulnerabilities were identified that make it possible to read arbitrary files.
Note: Special thanks to Pawel.Batunek@ingservicespolska.pl for finding and reporting this issue.
Fixed in the IDM 4.6.1 Identity Manager Plug-ins, dated July 10, 2017 or newer.