[BESAdmin-Announcements] BigFix Remote Control 10.0 FP2 is available

[Announcements for BES Administrators]

HCL Software is pleased to announce the availability of BigFix Remote Control version 10.0 FP2



New content:

A new Lite Web Portal is available to provide a solution where you can open a remote session with an On Demand Target (ODT), without using a VPN, even when the controller and the target are over Internet.

A new type of On Demand Target (ODT) package is available for macOS, to improve the user experience while starting a remote session with an On Demand Target (ODT), on macOS Catalina.



Resolved Defect Articles:

KB0081758 - "BigFix Remote Control" entry in the right click menu is greyed-out for macOS computers.

KB0081018 - Broker session on Mac computers does not start because the Controller is not associated with .trcjws files on macOS.

KB0081017 - Error while opening a .jnlp downloaded from the Remote Control server because of V10 java signed jars lack intermediate certificates

KB0081193 - Update browsers versions list in documentation



Security vulnerabilities addressed:

Both Server and Controller components are affected by these vulnerabilities:

CVE-2020-14556  A vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.

CVE-2020-14578  A vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

CVE-2020-14579  A vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

CVE-2020-14577  A vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.

CVE-2020-2781  A vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

CVE-2020-2830  A vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

CVE-2020-2754  A vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

CVE-2020-2755  A vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

CVE-2020-2756  A vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

CVE-2020-2757  A vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.





The content in the Remote Control site has been updated to support this release.



Published site version:

Remote Control, site version 66 (Build Number 10.0.0.0212)



With kind regards,

      The BigFix Remote Control Team



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20200930/94fa1ab1/attachment.html>