Monthly Release Notes - April 2020

Jump to:

Core Security

Core Impact

Version: 19.1.9

Apl 30, 2020

  • Assorted Improvements for Exploits: This update contains minor improvements and fixes to several exploit modules.
  • Import Output XML Report from OpenVAS: This update add support to import the output from OpenVAS to Core Impact
  • Exploits Maintenance CVE Numbers 22: This update provides modules that were released prior to a CVE number being assigned (typically noted as NOCVE) with the correct CVE number as well as updating modules with invalid CVE numbers.
  • New Exploits:
    • Microsoft Windows Ws2ifsl UaF Local Privilege Escalation Exploit: An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. (CVE-2019-1215)

    • Microsoft Windows SMBv3 SMBGhost Elevation of Privilege Vulnerability Exploit: An unauthenticated attacker can connect to the target system using SMBv3 and sends specially crafted requests to exploit the vulnerability. This module exploits this vulnerability in the local system in order to achieve an elevation of privilege. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0796)

    • Kinetica Admin getLogs Function Remote OS Command Injection Exploit: The Kinetica Admin web application did not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. (CVE-2020-8429)

    • Microsoft Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Exploit: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status and take control of an affected system. (CVE-2020-0787)

    • Fuji Electric V-Server Lite VPR File Parsing Overflow Exploit: The specific flaw exists within the processing of VPR files. (CVE-2020-10646)

    • Open-AudIT m_devices.php Remote PHP File Upload Vulnerability Exploit: The sub_resource_create function of class M_devices in m_devices.php of Open-AudIT 3.2.2 allows remote authenticated users to upload arbitrary PHP files, allowing the execution of arbitrary php code in the system. (CVE-2020-11942)

Other Fixes
  • Microsoft Windows SMBv3 CoronaBlue Vulnerability DoS Update: An unauthenticated attacker can connect to the target system using SMBv3 and sends specially crafted requests to exploit the vulnerability. The module exploits this vulnerability in order to generate a Denial of Service This update contains minor fixes to it. (CVE-2020-0796)

Core Network Insight

Version: 7.0.1

Apr 27, 2020

  • Core Security logos have been updated to blue to fit with the HelpSystems brand book.

  • Newly created users can't log in until a second password change.

  • SMTP mail server configuration validation button has been added.

  • Add SSL and TLS/STARTTLS authentication to SMTP server configuration.

  • SSL and TLS/STARTTLS authentication has been added to SMTP server configuration. (CAS-0010192121, CAS-0010184524)

Other Fixes
  • User Permissions prevented from correctly upgrade the product to 7.0. (CAS-0010196258)

  • Software update notifications messages have been corrected to display the correct status of the installation.

  • When creating a new user account, there's a checkbox for forcing the user to change their password upon first logging in that is not being unchecked after the change so the user is requested to change the password after each login. (CAS-0010191716)

  • Corrected a defect where 2 consecutive password resets were needed to allow a new user to log in the product.

  • Memory requirements have been modified to allow a correct functioning on lightweight micro-sensors or vSensors. (CAS-0010195683)

  • Systems and Threat tabs in the GUI are not accessible after scrolling to bottom of the page. (CAS-0010196661)

  • SIEM settings Syslog or Splunk uses UDP irrespective of changes in UI. (CAS-0010198356)

  • Statistics are now saved in multiple files. (CAS-0010198455)

Visual Identity Suite (VIS)

Version: 2.3.2
Other Fixes
  • Fixed browser issues caused by the latest Google Chrome browser release.
  • Additional scaling provided to handle larger numbers of roles.

Back to Top



GoAnywhere MFT

Version 6.4.3
  • Updated Gateway Manager to support SSL termination and SSL rewrap for GoAnywhere Gateway version 2.8.0.
  • Upgraded the Netty library from version 4.1.42 to version 4.1.48.
  • Fixed an issue where an input stream was left open causing Agent server threads to get hung up.

GoAnywhere Gateway

Version 2.8.1
  • Fixed an issue where the key store type was not defaulting to JKS when not supplied for configurations using Control SSL or SSL Termination.
Version 2.8.0
  • Added support for SSL Termination and SSL ReWrapping.
  • Fixed an issue where an extra line feed or carriage return would cause a license to be invalid.
  • Upgraded Apache Commons-Collections from 3.2 to 3.2.2.
  • Upgraded the Netty library from 4.1.33 to 4.1.48.

GoAnywhere Desktop Client for Windows

Version 3.1.0
  • Added a new feature to navigate directly to a folder path within the Web User's Secure Folders.
  • Added a timestamp to notifications for GoDrive events.
  • Added the ability to enabled or disable Windows Authentication for existing device accounts.
  • Upgraded the internal storage used for GoDrive data to support newer and stronger cryptography.
  • Improved the cleanup process for accounts that don't complete the registration process.
  • Improved the startup process when there are multiple accounts.
  • Fixed an issue where, in rare cases, the device would continuously try to authenticate when the Web User was disabled.

Back to Top


IBM Partnership

Rational Developer for i

  • /copy and /include files now can be opened from source stored on IFS.
  • ACS now can be launched from RDi without requiring a separate Java Runtime Environment installation.
Other Fixes
  • Fixed option selection UI problem in the Add Procedure Parameter dialog.
  • SQL is no longer autoformatted. Formatting now occurs when the user invokes the format action (APAR SE68862).
  • Enabling LPEX preference "display whitespace characters" makes some terms in RDPLE source harder to see (APAR SE69572).
  • Screen designer may show an incorrect value in the properties view for a referenced field (APAR SE70098).
  • Embedded CRLF sequences in SQL are not handled by the Remote Systems LPEX editor (APAR SE70241).
  • Editing an RPGLE member that references a copy member with DBCS characters in a variable name results in a parser error (APAR SE70349).
  • Updating RDi to v9.6.0.5 may result in some web tooling views not displaying the correct information (APAR SE70532).
  • IllegalArgumentException observed after a second and subsequent attempts to verify source in an IFS file (APAR SE70867).
  • Restarting RDi with open members and no connection to the host causes an excessive number of connection dialogs (APAR SE71085).
  • Browse/Edit toggle not available for CBL source type in the Remote Systems LPEX editor (APAR SE71091).
  • ILE RPG EXTPROC defined with no arguments not handled correctly by the parser and content assist (APAR SE71230).
  • Extract constants can produce a constant name the same as a procedure name causing msgrnf7421 during compilation (APAR SE71501).
  • i Project changes not always pushed when "push selected resources if there are any changes" is selected (APAR SE72138).
  • Indicators are not properly represented in the outline view when editing ILE RPG source (APAR SE72250).
  • Source opened from the error list view opened in edit mode when preferences are set to open in browse mode (APAR SE72370).
  • Embedded SQL statements in ILE RPG continued from column 80 may result in an ArrayIndexOutOfBoundsException (APAR SE72392).
  • Unsupported syntax checking and program verify preferences for ILE RPG, RPG/400, and COBOL no longer show as enabled in macOS environments (APAR SE72449).
  • Field size not reported correctly in the Outline view (APAR SE72827).
  • Content assist will not insert a proposal if the inserted value would flow past column 80 in **free ILE RPG (APAR SE72840).
  • Column sensitive editing preference affects editing fully free RPG source (APAR SE72953) .
  • When editing SQLRPGLE source with the Remote Systems LPEX editor, the SQL FETCH statement does not format well (APAR SE73285).

Back to Top



Version: 6.4.3

Apl 14, 2020

  • Changes were made to enhance map loading time at startup with large numbers of maps and charts.

  • The ability to detect corrupted chart files and repair them has been improved significantly.

  • A number of improvements in memory management and CPU usage have been completed. Even with large numbers of maps and charts, memory and CPU usage have been signficantly reduced.

Other Fixes
  • When exporting a mix of old and new chart data to Intermapper Database, the export now completes reliably.

  • The WMI Logged-on Users probe now works properly with Windows Server 2012 R2.

Back to Top



BoKS Web Services Interface


Apr 9, 2020

  • Added the ability to set a configurable timeout for calls to the BoKS admin server, BCCAS. You can configure the time for the timeout. If the call fails, an error is logged. Request timeout is configured using the parameter requesttimeout in the config.yaml file and is specified in seconds. The default is 60 seconds.

  • Added enhanced error logging capabilities for failed requests.

  • Fixed an issue where an incorrect content length setting for UTF-8 characters in combination with the system locale not being set to UTF-8 could cause the WSI server to stop responding.

  • Update of third-party dependencies.

Compliance Monitor

Version 4.1

Apr 27, 2020

  • Security information for the connection certificate is now encrypted for installations in which TLS is used to encrypt communication between the Consolidator and the browser-based user interface.

Exit Point Manager

Version 7.24

Apr 16, 2020

  • A problem causing incorrect hex-encoded SQL transaction data in reports has been resolved.
  • PTNSLOGEXT no longer omits *FTPSIGNON activity when the Include User Profile (USR) parameter is used.
  • A problem causing some reports to omit column headings from stream-file output has been resolved.
  • Errors in the help text for the PNSLOGEXT command have been corrected.
  • A problem that caused the PNSLOGEXT command to fail when processing failed journal entries has been resolved.
  • An issue that could cause missing QSOCONNECT transactions on reports has been corrected.
  • A problem causing functions to display as numeric values instead of text has been resolved.

Password Self Help

Version 3.004

Apr 27, 2020

  • An issue causing the "Same Answer Allowed" setting to fail in some configurations has been corrected.
  • The message "unsupported version of PSH installed" no longer incorrectly appears when creating a product connection to a supported version of Password Self Help from HelpSystems Insite. The correct product version is now displayed.

Risk Assessor

Version 3.1

Apr 14, 2020

  • A problem causing ‘/’ to be incorrectly listed in place of ‘/QOpenSys’ in the SKYASSESS document has been corrected.
  • An issue causing the SKYGRPPTF report to be empty when the IBM i does not have an Internet connection has been resolved. The report is now populated with the group PTFs that are currently installed.
  • In the System Value table of the SKYASSESS document, the QATNPGM value is no longer incorrectly flagged as deviating from the Recommended setting. (It is at the recommended setting.)
  • An issue causing the PTF Group SF99333 to be incorrect in the SKYGRPPTF report in some cases has been corrected.
  • A CPF3309 error caused by a large number of trigger programs on the system has been addressed, and no longer results in assessment failures.

SIEM Agent for IBM i

Version 4.1

Apr 2, 2020

  • Outputs can no longer be created without specifying a Format.
  • A problem causing incorrect data to be added to T:SV (System Value change) transactions has been resolved.
  • A rules processing improvement removes the requirement to create catch-all rules in certain scenarios, improving the user experience.
  • The inability to resolve the IP address when a fully qualified domain name is set as the Location for an Output has been corrected.
  • A journal monitor performance issue has been resolved.
  • The inability to create Output files in some scenarios has been corrected.
  • A problem causing the field values in Conditions to not be included in copied rules has been resolved.

Back to Top



Robot Reports

Version 7.72

Apl 13, 2020

  • Fixed issue with extended subject line compatibility for Alert 6 and above.

Back to Top



Viewpoint 11

Version: 11.20.093

Apr 7, 2020

Other Fixes
  • Improved visualization of the join relationships in the View Designer File & Field tab.

  • The Excel Add-in supports views with *SERVER syntax.

Back to Top



Viewpoint 10

Version: 10.20.093

Apr 7, 2020

Other Fixes
  • Improved visualization of the join relationships in the View Designer File & Field tab.

  • The Excel Add-in supports views with *SERVER syntax.

C&DS Migration Utility

Version: 10.20.093

Apr 7, 2020

  • No updates for this release.

Back to Top