Cloud Security Enhancements 2022

Version

#    

Description

Module

22.3.10

61365

Tightened security around access to LDAP Imported users via the API. This covers CVE-2021-36721.

Security

22.2.20

67655

Tightened security around access to vulnerable files in the SysAid server. This covers CVE-2022-23166.

Security

22.2.20

67656

Tightened security against potential Cross-Site Scripting (XSS) attacks. This covers CVE-2022-23165.

Security

22.1.60

66686

Added validation of file types when attachments are uploaded to SysAid. See list of supported file types here. This covers CVE-2021-22796.

Security

22.1.60

67241

Tightened security against potential XSS attacks in the Password Services Module.

Security

22.1.60

66686

Added validation of file types when attachments are uploaded to SysAid. See list of supported file types here.

Security

22.1.60

67238

Increased security around server information.

Security

22.1.60

67258

Tightened security against potential XSS attacks via the Linked SRs field.

Security

22.1.60

67262

Tightened security against potential XSS attacks in the Asset Dashboard.

Security

22.1.50

54161/58032

Improved Patch Management implementation mechanism to resolve Apache HTTPD vulnerability errors.

Security

22.1.50

66692

Tightened security around access for non-admin users. This covers CVE-2022-22798.

Security

22.1.40

66542

Tightened security to prevent potential XSS (cross-site scripting) attacks.

Security

22.1.30

66129

Added validation when end users self-registered for the Self-Service Portal. This covers CVE-2021-43974.

Security

22.1.10

65584

Tightened security around change password capability in the My Settings page.

Security

22.1.10

65530

We upgraded to the latest Apache released version 2.17.1 to continue addressing the log4j vulnerability.

Security

21.4.70

65345

Included a fix for the Log4j vulnerability. For more information, click here.

Security

21.4.60

64957

Tightened security to prevent potential SQL Injections in SysAid’s old mobile portal. This covers CVE-2021-43971.

Security

21.4.60

65003

Tightened security around uploading image files and the type of files that users can upload in SysAid. This covers CVE-2021-43972 and CVE-2021-43973 .

Security

21.2.50

62727

We’ve removed the “Enforce password complexity for local users” checkbox from the Account Defaults page. The checkbox was initially added for the transition phase for this feature. As of now, the password complexity is always enforced.

Security

20.2.50

53673

Please note that as part of our ongoing commitment to security, we’re tightening the secured connection to our services. As of May 10, 2020, we’ll be blocking the older non-supported TLS protocol versions 1.0/1.1, and will only allow the more advanced secured versions.

So please be aware that if you’re using very old browsers, you won’t be able to access our services. You’ll need to ensure that all machines that are running the SysAid agent use a .NET Framework of 4.6 or higher that supports higher TLS protocols.

For details on browser support for TLS versions, please read this article.

Security

2020

Enforced timeout functionality has been expanded to cover more cases of session inactivity.

Security

2020

August 2020: For those of you who enabled the option to allow non-secured (HTTP) access to your SysAid account, please be aware that we’re retiring this option (it’s a checkbox). Instead, all non-secured traffic will be redirected to a secured channel (HTTPS).

Security