[BESAdmin-Announcements] A new update to BigFix WebUI is available!

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Fri Jul 10 16:05:10 PDT 2020


A new update has been released for multiple applications in the WebUI.

Inline Reporting enhancements
There is a new feature to manage commonly accessed inline reports. This includes being able to:
* Save reports to be easily accessed later
* Share reports with other users

Patch Policies

* Now supports Red Hat Enterprise Linux 8

MDM application enhancements
* Added WebUI MDM Healthcheck to get basic health information on a given MCM deployment
* Added auditing for MDM actions, policy creation / editing, and deploying BigFix agents
* Added the ability for users to create Kernel extension whitelisting policies with bundleIDs that had "-" and "_" characters
* Added protections for wipe to only deploy to one device at a time
* Improved error handling on policy creation / editing pages with more than one panel
* Added additional validation for siteIDs in policy creation / editing

Security vulnerabilities addressed
* CVE-2018-20834:
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2.
* CVE-2020-4104:
The HCL BigFix Web UI is vulnerable to Stored Cross-site Scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user.
* CVE-2020-7598:
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
* CVE-2020-7608:
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

Defect articles
* KB0078535: BigFix WebUI Query generates multiple files to download
* KB0078553: BigFix WebUI Query Time stamp formatting error
* KB0078554: BigFix WebUI Query generates repeated results
* KB0078555: BigFix WebUI Query generates CSV without separators
* KB0078847: WebUI long login time with deleted Ubuntu 1604 Patch site
* KB0079254: Update documentation for BigFix integration with SAML login
* KB0079402: Race condition issue during WebUI login
* KB0079898: Patch Policies include patches from sites which were removed from Console
* KB0080002: Missing Content-Type in HTTP responses
* KB0080447: Azure Cloud malfunctioning when there is a failed credential


How to update
WebUI will be updated automatically by default, unless configured otherwise.

Published Versions
WebUI Site Versions:

5 - WebUI API
16 - Application Administration
16 - Patch Policies
56 - Common
6 - WebUI Content App
27 - Custom
10 - WebUI Data Sync
12 - WebUI Framework
2 - Insights
2 - MDM
27 - Patch
6 - WebUI Permissions and Preferences
11 - Profile Management
18 - Query
1 - Reports
28 - Software Distribution
11 - WebUI Take Action


WebUI Documentation link

https://help.hcltechsw.com/bigfix/10.0/webui/index.html

The BigFix WebUI team
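
The prototype pollution class behind CVE-2020-7598 and CVE-2020-7608 above, as an added example that is not part of the original announcement and is not minimist or yargs-parser code. It is a simplified dotted-key option parser (all function names are hypothetical) with a naive setter beside a hardened one that rejects "__proto__", "constructor" and "prototype" path segments.

```javascript
// Added illustration; a simplified parser, not minimist or yargs-parser source.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Naive setter: walks "a.b.c", creating objects as needed. For the key
// "__proto__.x" the walk steps onto Object.prototype and writes there.
function setKeyNaive(target, dotted, value) {
  const parts = dotted.split('.');
  let node = target;
  for (const p of parts.slice(0, -1)) {
    if (typeof node[p] !== 'object' || node[p] === null) node[p] = {};
    node = node[p];
  }
  node[parts[parts.length - 1]] = value;
}

// Hardened setter: reject blocked segments, descend only into own properties.
function setKeySafe(target, dotted, value) {
  const parts = dotted.split('.');
  if (parts.some((p) => BLOCKED.has(p))) return false;
  let node = target;
  for (const p of parts.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, p);
    if (!own || typeof node[p] !== 'object' || node[p] === null) node[p] = {};
    node = node[p];
  }
  node[parts[parts.length - 1]] = value;
  return true;
}

// Parse "--key=value" arguments using the supplied setter.
function parseArgs(argv, setter) {
  const out = {};
  for (const arg of argv) {
    const m = /^--([^=]+)=(.*)$/.exec(arg);
    if (m) setter(out, m[1], m[2]);
  }
  return out;
}

// Constructed sample input.
const SAMPLE_ARGV = ['--site.name=Patch', '--__proto__.flagged=yes'];
function demo() {
  parseArgs(SAMPLE_ARGV, setKeyNaive);
  const pollutedByNaive = ({}).flagged === 'yes'; // unrelated object inherits it
  delete Object.prototype.flagged;                // restore a clean prototype
  const safe = parseArgs(SAMPLE_ARGV, setKeySafe);
  return { pollutedByNaive, pollutedBySafe: 'flagged' in {}, siteName: safe.site.name };
}
console.log(demo());
```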