[BESAdmin-Announcements] BigFix WebUI, MCM, IVR new release (December 2022 release)

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Thu Dec 15 15:47:59 PST 2022 

HCL Software is pleased to announce an update to BigFix WebUI, MCM and Insights for Vulnerability Remediation!

The main features in this release are as follows:



WebUI Extensions!

BigFix is now introducing the ability to extend WebUI beyond what is delivered in the products for which you are currently entitled. These extensions will be accessible in the UI through the global navigation and used seamlessly together with the rest of the applications.

At this time, the development of WebUI extensions is limited to HCL in order to accelerate the customization of the interface to your needs outside of the published applications (contact your HCL representative for more information). In the future, we do plan to publish an official SDK to enable customers to create their own WebUI extensions!



Other enhancements:

  *   Take Action Dialog: you can now modify or override applicability relevance, success criteria and actionscript directly during the action deployment process
  *   Device view: it is now possible to delete endpoints
  *   Total number of active WebUI sessions is now logged at standard logging levels
  *   Patch and Patch Policies: Added RHEL 9 and Debian 11 support
  *   Patch Policies:  Added autorefresh settings to sidebar
  *   Patch Policies: Data is now signed to prevent tampering and improved security
  *   IVR: New upgrade Fixlet to simplify upgrades from older versions of the IVR Service
  *   IVR App: Document page now displays Impact information for Qualys
  *   IVR: Added new Fixlet to configure approvelist for IVR Report Download URLs
  *   Insights: TypeORM upgrade to 0.3.10
  *   Insights: Row Level Security (RLS) Enhancements



MCM /Mobile updates:

  *   MCM now supports MacOS Ventura (Version 13)
  *   MCM Security updates: PRB0101288 / PRB0109646 (CVE-2022-347616, CVE-2022-31129, CVE-2022-25887, CVE-2021-27782)​
  *   Note that there were some important recent changes in the Plug-in Portal which improve device representation in the WebUI for Cloud and MCM endpoints referenced here: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0093657<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.hcltechsw.com%2Fcsm%3Fid%3Dkb_article%26sysparm_article%3DKB0093657&data=05%7C01%7Calessandro.dinia%40hcl.com%7C5cb5f61075a04bc0924b08dadc54f7d2%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C638064554733714981%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lHRlm1X%2Fg8wrT0%2F61zTDfMFPmCkhQosCrhgI8HwWToY%3D&reserved=0>



The WebUI release addresses the following Security Vulnerabilities:

  *   CVE-2022-38655 (BigFix WebUI)
  *   CVE-2022-31129 (moment)
  *   CVE-2022-25887 (sanitize-html)
  *   CVE-2022-33987 (got)
  *   CVE-2021-41184, CVE-2021-41183, CVE-2021-41182, CVE-2022-31160 (jquery-ui)
  *   CVE-2021-32013, CVE-2021-32014, CVE-2021-32012 (js-xlsx)
  *   CVE-2022-25896 (passport)
  *   CVE-2022-39299 (passport-saml)
  *   CVE-2022-37616 (xmldom)
  *   WS-2022-0322 (d3-color)



This release addresses the following Defect Articles:

  *   KB0101193 - Four Eyes Authentication check issue<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fjira02.hclpnp.com%2Fbrowse%2FBW-29655&data=05%7C01%7Calessandro.dinia%40hcl.com%7Cfeeb38801f294751433d08dade1e176e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C638066518067031105%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dqiHHqiL7C6MGlcJfTV1NY4NUlLBo7mk09J1FDjXm%2Bo%3D&reserved=0>
  *   KB0099159 - Custom Retrieved Properties from Actionsite cause Values to be missing from WebUI<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fjira02.hclpnp.com%2Fbrowse%2FBW-28708&data=05%7C01%7Calessandro.dinia%40hcl.com%7Cfeeb38801f294751433d08dade1e176e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C638066518067031105%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2B60STXhOkhrIyKb9q6niqFsxN%2FE4LLSjgNRJWLIpoIQ%3D&reserved=0>
  *   KB0093158 - Cannot create new dashboards in WebUI<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fjira02.hclpnp.com%2Fbrowse%2FBW-26022&data=05%7C01%7Calessandro.dinia%40hcl.com%7Cfeeb38801f294751433d08dade1e176e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C638066518067031105%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nji0US91GtW9pJdcUQ70KyhpTyySPiSvStDnCdmRz7I%3D&reserved=0>
  *   KB0100676 - Patch Policies- Don't issue actions for deleted groups
  *   KB0100410 - Labeling of the stagger action option
  *   KB0098853 - Patch Policies doesn't clean up PP_Schedule_ID client settings (resolved for Windows endpoints only)
  *   KB0094270 - Insights Deviceinventory report: inconsistency between the Total Devices and the device actually in Console
  *   KB0097967 - Insights ETLs fail
  *   KB0100642 - Insights: Customer is getting an error when running the Insight import.
  *   KB0101004 - IVR vulnerability list issue
  *   KB0099583 - IVR: WebUI not listing IVR vulnerabilities
  *   KB0099327 - Insights for Vulnerability Remediation v1.4 – Validation
  *   KB0100269 - IVR: Unexpected remediation status for superseded patches
  *   KB0101901 - IVR: Import failure





How to update

WebUI will update automatically by default, unless configured otherwise.

Please note that updates for BigFix Insights must be done manually via the Application Updates page on WebUI. For more information, please see https://help.hcltechsw.com/bigfix/10.0/webui/WebUI/Admin_Guide/c_manage_application_updates.html<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhelp.hcltechsw.com%2Fbigfix%2F10.0%2Fwebui%2FWebUI%2FAdmin_Guide%2Fc_manage_application_updates.html&data=05%7C01%7Calessandro.dinia%40hcl.com%7Cfeeb38801f294751433d08dade1e176e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C638066518067031105%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4ok20Gj06NnJe43Ra9d8s9X95zUgsIbC7haEzFi5%2FA8%3D&reserved=0>.



Published WebUI Site Versions

WebUI Site Name

Version

Application Administration

27

Common

75

Custom

37

Patch

36

Patch Policies

30

Profile Management

20

Query

30

Software Distribution

41

WebUI API

13

WebUI CMEP

WebUI SCM

6
4

WebUI Content App

16

WebUI Data Sync

21

WebUI Extensions

1

WebUI Insights

13

WebUI IVR

3

WebUI Framework

22

WebUI MDM

13

WebUI Permissions and Preferences

15

WebUI Reports

10

WebUI Take Action

22



Mobile/MCM sites:



BESUEM                                                    37

BESUEM Mobile                                  14





WebUI Documentation link:

https://help.hcltechsw.com/bigfix/10.0/webui/index.html<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhelp.hcltechsw.com%2Fbigfix%2F10.0%2Fwebui%2Findex.html&data=05%7C01%7Calessandro.dinia%40hcl.com%7Cfeeb38801f294751433d08dade1e176e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C638066518067031105%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Z2rf4ZuY00aMBcbSuvi1R6rgRTVw0ZPfEayz4BA11oM%3D&reserved=0>





HCL BigFix - WebUI Team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20221215/1c08dbb4/attachment.html>

More information about the Besadmin-announcements mailing list