On December 9th 2021, Apache published a zero-day critical vulnerability (CVE-2021-44228) for its widely popular Apache Log4j, and is being referred to as “Log4Shell.” This vulnerability is considered “critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. If you haven’t yet heard the news, this is a severe risk with a major security flaw being discovered.


When exploited, an attacker can run arbitrary code on a device and gain full control of the exploited device — this will render the device compromised, and may impact other devices trusted by the compromised device which is now controlled by the attacker.


What does that mean for you? What iManage products have been affected? How has iManage responded to this vulnerability?

NOTE: RBRO products do not use any Java libraries, including Log4J. This vulnerability will have no impact on any of our products.


iManage products affected by this issue


iManage has released mitigation steps on the latest Apache log4j vulnerability (see iManage for complete details). The following components listed by iManage are affected by CVE-2021-44228 and require action to remediate the issue.


NOTE: All cloud issues have been mitigated and there was zero impact to any customer data stored in iManage Cloud.


iManage Work Server is not affected by this issue.


Product affected


Component(s) affected in product


Versions affected


iManage Work Indexer powered by

IDOL (IDOL Indexer)

  • WorkSite Connector
  • WorkSite DiffTool
IDOL Indexer and later
iManage Work Indexer powered by

RAVN (RAVN Indexer)

  • RAVN Solr
RAVN Indexer 10.3.x
iManage Records Manager
  • iManage Records Manager Server
  • iManage Records Manager Indexer
Records Manager 10.3.x and later
iManage Security Policy Manager
  • iManage Records Manager Agent
  • Adjust Security REST Service
All versions
iManage Threat Manager
  • iManage Threat Manager
All versions



We are committed to security

RBRO Solutions has identified the affected components and we are updating our systems and products. Our security team and their efforts completed the investigation of its own devices and networks and found no evidence of compromise at this time.

If you require additional information, please do not hesitate to contact your RBRO Solutions representative.