Cloud Security Enhancements 2022
    • 05 Jul 2023

| Version | # | Description | Module |
|---|---|---|---|
| 22.3.10 | 61365 | Tightened security around access to LDAP Imported users via the API. This covers CVE-2021-36721. | Security |
| 22.2.20 | 67655 | Tightened security around access to vulnerable files in the SysAid server. This covers CVE-2022-23166. | Security |
| 22.2.20 | 67656 | Tightened security against potential Cross-Site Scripting (XSS) attacks. This covers CVE-2022-23165. | Security |
| 22.1.60 | 66686 | Added validation of file types when attachments are uploaded to SysAid. See list of supported file types here. This covers CVE-2021-22796. | Security |
| 22.1.60 | 67241 | Tightened security against potential XSS attacks in the Password Services Module. | Security |
| 22.1.60 | 66686 | Added validation of file types when attachments are uploaded to SysAid. See list of supported file types here. | Security |
| 22.1.60 | 67238 | Increased security around server information. | Security |
| 22.1.60 | 67258 | Tightened security against potential XSS attacks via the Linked SRs field. | Security |
| 22.1.60 | 67262 | Tightened security against potential XSS attacks in the Asset Dashboard. | Security |
| 22.1.50 | 54161/58032 | Improved Patch Management implementation mechanism to resolve Apache HTTPD vulnerability errors. | Security |
| 22.1.50 | 66692 | Tightened security around access for non-admin users. This covers CVE-2022-22798. | Security |
| 22.1.40 | 66542 | Tightened security to prevent potential XSS (cross-site scripting) attacks. | Security |
| 22.1.30 | 66129 | Added validation when end users self-registered for the Self-Service Portal. This covers CVE-2021-43974. | Security |
| 22.1.10 | 65584 | Tightened security around change password capability in the My Settings page. | Security |
| 22.1.10 | 65530 | We upgraded to the latest Apache released version 2.17.1 to continue addressing the log4j vulnerability. | Security |
| 21.4.70 | 65345 | Included a fix for the Log4j vulnerability. For more information, click here. | Security |
| 21.4.60 | 64957 | Tightened security to prevent potential SQL Injections in SysAid’s old mobile portal. This covers CVE-2021-43971. | Security |
| 21.4.60 | 65003 | Tightened security around uploading image files and the type of files that users can upload in SysAid. This covers CVE-2021-43972 and CVE-2021-43973. | Security |
| 21.2.50 | 62727 | We’ve removed the “Enforce password complexity for local users” checkbox from the Account Defaults page. The checkbox was initially added for the transition phase for this feature. As of now, the password complexity is always enforced. | Security |
| 20.2.50 | 53673 | Please note that as part of our ongoing commitment to security, we’re tightening the secured connection to our services. As of May 10, 2020, we’ll be blocking the older non-supported TLS protocol versions 1.0/1.1, and will only allow the more advanced secured versions. So please be aware that if you’re using very old browsers, you won’t be able to access our services. You’ll need to ensure that all machines that are running the SysAid agent use a .NET Framework of 4.6 or higher that supports higher TLS protocols. For details on browser support for TLS versions, please read this article. | Security |
| 2020 | | Enforced timeout functionality has been expanded to cover more cases of session inactivity. | Security |
| 2020 | | August 2020: For those of you who enabled the option to allow non-secured (HTTP) access to your SysAid account, please be aware that we’re retiring this option (it’s a checkbox). Instead, all non-secured traffic will be redirected to a secured channel (HTTPS). | Security |

    For all the details on how SysAid prioritizes your security click here.

