- 05 Jul 2023
Cloud Security Enhancements 2022
- Updated on 05 Jul 2023
Version | # | Description | Module |
22.3.10 | 61365 | Tightened security around access to LDAP Imported users via the API. This covers CVE-2021-36721. | Security |
22.2.20 | 67655 | Tightened security around access to vulnerable files in the SysAid server. This covers CVE-2022-23166. | Security |
22.2.20 | 67656 | Tightened security against potential Cross-Site Scripting (XSS) attacks. This covers CVE-2022-23165. | Security |
22.1.60 | 66686 | Added validation of file types when attachments are uploaded to SysAid. See list of supported file types here. This covers CVE-2021-22796. | Security |
22.1.60 | 67241 | Tightened security against potential XSS attacks in the Password Services Module. | Security |
22.1.60 | 66686 | Added validation of file types when attachments are uploaded to SysAid. See list of supported file types here. | Security |
22.1.60 | 67238 | Increased security around server information. | Security |
22.1.60 | 67258 | Tightened security against potential XSS attacks via the Linked SRs field. | Security |
22.1.60 | 67262 | Tightened security against potential XSS attacks in the Asset Dashboard. | Security |
22.1.50 | 54161/58032 | Improved Patch Management implementation mechanism to resolve Apache HTTPD vulnerability errors. | Security |
22.1.50 | 66692 | Tightened security around access for non-admin users. This covers CVE-2022-22798. | Security |
22.1.40 | 66542 | Tightened security to prevent potential XSS (cross-site scripting) attacks. | Security |
22.1.30 | 66129 | Added validation when end users self-register for the Self-Service Portal. This covers CVE-2021-43974. | Security |
22.1.10 | 65584 | Tightened security around change password capability in the My Settings page. | Security |
22.1.10 | 65530 | We upgraded to the latest Apache release, version 2.17.1, to continue addressing the Log4j vulnerability. | Security |
21.4.70 | 65345 | Included a fix for the Log4j vulnerability. For more information, click here. | Security |
21.4.60 | 64957 | Tightened security to prevent potential SQL Injections in SysAid’s old mobile portal. This covers CVE-2021-43971. | Security |
21.4.60 | 65003 | Tightened security around uploading image files and the type of files that users can upload in SysAid. This covers CVE-2021-43972 and CVE-2021-43973. | Security |
21.2.50 | 62727 | We’ve removed the “Enforce password complexity for local users” checkbox from the Account Defaults page. The checkbox was initially added for the transition phase for this feature. As of now, the password complexity is always enforced. | Security |
20.2.50 | 53673 | Please note that as part of our ongoing commitment to security, we’re tightening the secured connection to our services. As of May 10, 2020, we’ll be blocking the older non-supported TLS protocol versions 1.0/1.1, and will only allow the more advanced secured versions. So please be aware that if you’re using very old browsers, you won’t be able to access our services. You’ll need to ensure that all machines that are running the SysAid agent use a .NET Framework of 4.6 or higher that supports higher TLS protocols. For details on browser support for TLS versions, please read this article. | Security |
2020 | | Enforced timeout functionality has been expanded to cover more cases of session inactivity. | Security |
2020 | | August 2020: For those of you who enabled the option to allow non-secured (HTTP) access to your SysAid account, please be aware that we’re retiring this option (it’s a checkbox). Instead, all non-secured traffic will be redirected to a secured channel (HTTPS). | Security |
For all the details on how SysAid prioritizes your security click here.