iManager - XML External Entity (CVE-2017-7426)

  • 7021173
  • 03-Aug-2017
  • 25-Sep-2017


iManager 2.7.7
iManager 3.0.1
Identity Manager iManager Plug-ins
Identity Manager 4.5


PEN tests were executed against the Identity Manager Plug-in, hosted on iManager Some XXE vulnerabilities were identified, allowing the possibility to read arbitrary files.

Note: Special thanks to for finding and reporting this issue.


Fixed in the IDM 4.6.1 Identity Manager Plug-ins, dated July 10, 2017 or newer.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.