<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="en-IT" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">A new update has been released for multiple applications in the WebUI.<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"> <b><o:p></o:p></b></p>
<p class="MsoNormal"><b>Inline Reporting enhancements<o:p></o:p></b></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">There is a new feature to manage commonly accessed inline reports. This includes being able to:<o:p></o:p></p>
<p class="MsoNormal">* Save reports to be easily accessed later<o:p></o:p></p>
<p class="MsoNormal">* Share reports with other users<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b>Patch Policies<o:p></o:p></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">* Now supports Red Hat Enterprise Linux 8<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b>MDM application enhancements<o:p></o:p></b></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">* Added WebUI MDM Healthcheck to get basic health information on a given MCM deployment
<o:p></o:p></p>
<p class="MsoNormal">* Added auditing for MDM actions, policy creation / editing, and deploying BigFix agents
<o:p></o:p></p>
<p class="MsoNormal">* Added the ability for users to create Kernel extension whitelisting policies with bundleIDs that had "-" and "_" characters
<o:p></o:p></p>
<p class="MsoNormal">* Added protections for wipe to only deploy to one device at a time
<o:p></o:p></p>
<p class="MsoNormal">* <span lang="EN-US">I</span>mproved error / handling on policy creation / editing pages with more than one panel
<o:p></o:p></p>
<p class="MsoNormal">* <span lang="EN-US">A</span>dded additional validation for siteIDs in policy creation / editing<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b>Security vulnerabilities addressed<o:p></o:p></b></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">* CVE-2018-20834:<o:p></o:p></p>
<p class="MsoNormal">A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with
a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2).<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">* CVE-2020-4104:<o:p></o:p></p>
<p class="MsoNormal">The HCL BigFix Web UI is vulnerable to Stored Cross-site Scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user.<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">* CVE-2020-7598:<o:p></o:p></p>
<p class="MsoNormal">minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">* CVE-2020-7608:<o:p></o:p></p>
<p class="MsoNormal">yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b>Defect articles<o:p></o:p></b></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">* KB0078535: BigFix WebUI Query generates multiple files to download<o:p></o:p></p>
<p class="MsoNormal">* KB0078553: <span lang="EN-US">B</span>igFix WebUI Query Time stamp formatting error<o:p></o:p></p>
<p class="MsoNormal">* KB0078554: BigFix WebUI Query generates repeated results<o:p></o:p></p>
<p class="MsoNormal">* KB0078555: BigFix WebUI Query generates CSV without separators<o:p></o:p></p>
<p class="MsoNormal">* KB0078847: WebUI long login time with delete<span lang="EN-US">d</span> Ubuntu 1604 Patch site<o:p></o:p></p>
<p class="MsoNormal">* KB0079254: Update documentation for Bigfix integration with SAML login<o:p></o:p></p>
<p class="MsoNormal">* KB0079402: Race condition issue during WebUI login<o:p></o:p></p>
<p class="MsoNormal">* KB0079898: Patch Policies include patches from sites which were removed from Console<o:p></o:p></p>
<p class="MsoNormal">* KB0080002: Missing Content-Type in HTTP responses <br>
<span lang="EN-US">* KB0080447: Azure Cloud malfunctioning when there is a failed credential<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><o:p> </o:p></b></p>
<p class="MsoNormal"><b>How to update<o:p></o:p></b></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">WebUI will be updated automatically by default, unless configured otherwise.<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b>Published Versions<o:p></o:p></b></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">WebUI Site Versions:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">5<span lang="EN-US"> - </span>WebUI API
<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">16 - </span>Application Administration<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">16 - </span>Patch Policies<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">56 - </span>Common<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">6 - </span>WebUI Content App<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">27 - </span>Custom<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">10 - </span>WebUI Data Sync<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">12 - </span>WebUI Framework<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">2 - </span>Insights<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">2 - </span>MDM<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">27 - </span>Patch<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">6 - </span>WebUI Permissions and Preferences<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">11 - </span>Profile Management<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">18 – </span>Query<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">1 - </span>Reports<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">28 - </span>Software Distribution<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">11 - </span>WebUI Take Action<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>WebUI Documentation link<o:p></o:p></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">https://help.hcltechsw.com/bigfix/10.0/webui/index.html<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The BigFix WebUI team<o:p></o:p></p>
</div>
</body>
</html>