Monthly Release Notes - April 2020

Boldon James


Mac Classifier

Version 3.12.3

April 2020

New Features
  • Mono version 5.12 or later is required if you will be running Classifier on macOS versions up to and including Mojave. For macOS Catalina, testing with this current Classifier release indicates that Mono version 6.4 is required. Mono can be obtained from https://download.mono-project.com/.

Enhancements
  • Basic status information is shown in the Classifier menu if you hold the Option button while opening it. This menu is now always created on startup, even when Classifier cannot find a valid configuration.

Other Fixes
  • The Classifier button now appears disabled in Excel, Word, or PowerPoint, when Classifier is disabled in the policy.

  • Addresses an issue where Mac Classifier fails to load the configuration from the root folder on some web servers.

  • There was an issue where subject labels may not be formatted correctly if the user did not add a subject to the message, and hence the label was not decoded on delivery. This no longer occurs with recent versions of Outlook – tested on 16.35.

  • Classifier will now display a message on startup if the evaluation license has expired.

  • Some changes to avoid issues encountered when running alongside Adobe Creative Cloud applications.

  • Fixes the case where an evaluation license warning is incorrectly given when using a subscription license.


Core Security


Core Impact

Version: 19.1.9

Apr 30, 2020

Enhancements
  • Assorted Improvements for Exploits: This update contains minor improvements and fixes to several exploit modules.
  • Import Output XML Report from OpenVAS: This update adds support for importing the output from OpenVAS into Core Impact.
  • Exploits Maintenance CVE Numbers 22: This update provides modules that were released prior to a CVE number being assigned (typically noted as NOCVE) with the correct CVE number as well as updating modules with invalid CVE numbers.
  • New Exploits:
    • Microsoft Windows Ws2ifsl UaF Local Privilege Escalation Exploit: An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. (CVE-2019-1215)

    • Microsoft Windows SMBv3 SMBGhost Elevation of Privilege Vulnerability Exploit: An unauthenticated attacker can connect to the target system using SMBv3 and send specially crafted requests to exploit the vulnerability. This module exploits this vulnerability in the local system in order to achieve an elevation of privilege. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0796)

    • Kinetica Admin getLogs Function Remote OS Command Injection Exploit: The Kinetica Admin web application did not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. (CVE-2020-8429)

    • Microsoft Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Exploit: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status and take control of an affected system. (CVE-2020-0787)

    • Fuji Electric V-Server Lite VPR File Parsing Overflow Exploit: The specific flaw exists within the processing of VPR files. (CVE-2020-10646)

    • Open-AudIT m_devices.php Remote PHP File Upload Vulnerability Exploit: The sub_resource_create function of class M_devices in m_devices.php of Open-AudIT 3.2.2 allows remote authenticated users to upload arbitrary PHP files, allowing the execution of arbitrary PHP code in the system. (CVE-2020-11942)

Other Fixes
  • Microsoft Windows SMBv3 CoronaBlue Vulnerability DoS Update: An unauthenticated attacker can connect to the target system using SMBv3 and send specially crafted requests to exploit the vulnerability. The module exploits this vulnerability in order to generate a Denial of Service. This update contains minor fixes to it. (CVE-2020-0796)

Core Network Insight

Version: 7.0.1

Apr 27, 2020

Enhancements
  • Core Security logos have been updated to blue to fit with the HelpSystems brand book.

  • Newly created users can't log in until a second password change.

  • SMTP mail server configuration validation button has been added.

  • Add SSL and TLS/STARTTLS authentication to SMTP server configuration.

  • SSL and TLS/STARTTLS authentication has been added to SMTP server configuration. (CAS-0010192121, CAS-0010184524)

Other Fixes
  • User permissions prevented the product from upgrading correctly to 7.0. (CAS-0010196258)

  • Software update notification messages have been corrected to display the correct status of the installation.

  • When creating a new user account, there's a checkbox for forcing the user to change their password upon first logging in that is not being unchecked after the change so the user is requested to change the password after each login. (CAS-0010191716)

  • Corrected a defect where 2 consecutive password resets were needed to allow a new user to log in to the product.

  • Memory requirements have been modified to allow correct functioning on lightweight micro-sensors or vSensors. (CAS-0010195683)

  • Systems and Threat tabs in the GUI are not accessible after scrolling to bottom of the page. (CAS-0010196661)

  • SIEM settings Syslog or Splunk uses UDP irrespective of changes in UI. (CAS-0010198356)

  • Statistics are now saved in multiple files. (CAS-0010198455)

Visual Identity Suite (VIS)

Version: 2.3.2
Other Fixes
  • Fixed browser issues caused by the latest Google Chrome browser release.
  • Additional scaling provided to handle larger numbers of roles.


GoAnywhere


GoAnywhere MFT

Version 6.4.3
  • Updated Gateway Manager to support SSL termination and SSL rewrap for GoAnywhere Gateway version 2.8.0.
  • Upgraded the Netty library from version 4.1.42 to version 4.1.48.
  • Fixed an issue where an input stream was left open causing Agent server threads to get hung up.

GoAnywhere Gateway

Version 2.8.1
  • Fixed an issue where the key store type was not defaulting to JKS when not supplied for configurations using Control SSL or SSL Termination.
Version 2.8.0
  • Added support for SSL Termination and SSL ReWrapping.
  • Fixed an issue where an extra line feed or carriage return would cause a license to be invalid.
  • Upgraded Apache Commons-Collections from 3.2 to 3.2.2.
  • Upgraded the Netty library from 4.1.33 to 4.1.48.

GoAnywhere Desktop Client for Windows

Version 3.1.0
  • Added a new feature to navigate directly to a folder path within the Web User's Secure Folders.
  • Added a timestamp to notifications for GoDrive events.
  • Added the ability to enable or disable Windows Authentication for existing device accounts.
  • Upgraded the internal storage used for GoDrive data to support newer and stronger cryptography.
  • Improved the cleanup process for accounts that don't complete the registration process.
  • Improved the startup process when there are multiple accounts.
  • Fixed an issue where, in rare cases, the device would continuously try to authenticate when the Web User was disabled.


IBM Partnership


Rational Developer for i

Version: 9.6.0.8
Enhancements
  • /copy and /include files now can be opened from source stored on IFS.
  • ACS now can be launched from RDi without requiring a separate Java Runtime Environment installation.
Other Fixes
  • Fixed option selection UI problem in the Add Procedure Parameter dialog.
  • SQL is no longer autoformatted. Formatting now occurs when the user invokes the format action (APAR SE68862).
  • Enabling LPEX preference "display whitespace characters" makes some terms in RDPLE source harder to see (APAR SE69572).
  • Screen designer may show an incorrect value in the properties view for a referenced field (APAR SE70098).
  • Embedded CRLF sequences in SQL are not handled by the Remote Systems LPEX editor (APAR SE70241).
  • Editing an RPGLE member that references a copy member with DBCS characters in a variable name results in a parser error (APAR SE70349).
  • Updating RDi to v9.6.0.5 may result in some web tooling views not displaying the correct information (APAR SE70532).
  • IllegalArgumentException observed after a second and subsequent attempts to verify source in an IFS file (APAR SE70867).
  • Restarting RDi with open members and no connection to the host causes an excessive number of connection dialogs (APAR SE71085).
  • Browse/Edit toggle not available for CBL source type in the Remote Systems LPEX editor (APAR SE71091).
  • ILE RPG EXTPROC defined with no arguments not handled correctly by the parser and content assist (APAR SE71230).
  • Extract constants can produce a constant name the same as a procedure name causing msgrnf7421 during compilation (APAR SE71501).
  • i Project changes not always pushed when "push selected resources if there are any changes" is selected (APAR SE72138).
  • Indicators are not properly represented in the outline view when editing ILE RPG source (APAR SE72250).
  • Source opened from the error list view opened in edit mode when preferences are set to open in browse mode (APAR SE72370).
  • Embedded SQL statements in ILE RPG continued from column 80 may result in an ArrayIndexOutOfBoundsException (APAR SE72392).
  • Unsupported syntax checking and program verify preferences for ILE RPG, RPG/400, and COBOL no longer show as enabled in macOS environments (APAR SE72449).
  • Field size not reported correctly in the Outline view (APAR SE72827).
  • Content assist will not insert a proposal if the inserted value would flow past column 80 in **free ILE RPG (APAR SE72840).
  • Column sensitive editing preference affects editing fully free RPG source (APAR SE72953).
  • When editing SQLRPGLE source with the Remote Systems LPEX editor, the SQL FETCH statement does not format well (APAR SE73285).


Intermapper


Version: 6.4.3

Apr 14, 2020

Enhancements
  • Changes were made to enhance map loading time at startup with large numbers of maps and charts.

  • The ability to detect corrupted chart files and repair them has been improved significantly.

  • A number of improvements in memory management and CPU usage have been completed. Even with large numbers of maps and charts, memory and CPU usage have been significantly reduced.

Other Fixes
  • When exporting a mix of old and new chart data to Intermapper Database, the export now completes reliably.

  • The WMI Logged-on Users probe now works properly with Windows Server 2012 R2.


JAMS


Version: 7.1.557

Apr 13, 2020

Enhancements
  • Installer
    • Updated the installer to improve upgrades from JAMS V6.X to JAMS V7.1.557. The changes include:
      • When converting a JAMS V6.X Menu Definition to JAMS V7.1.557, the installer now includes Jobs if the V6.X Menu had "Include Setups" selected.
      • Enhanced the installer to identify and log potential inconsistencies before upgrading from JAMS V6.X to JAMS V7.1.557.
      • Updated to save the JAMS V6.X Job Override name as the Job name in the V7.1.557 History View.
      • Converted the SubmitDate and SubmitTime properties.
      • Assigned Setup Jobs that have different Agents to the Submit Job Tasks in the JAMS V7.1.557 Sequence.
      • Added a default user to a Root Folder, if no Credential was assigned to the Folder.
      • Converted Setup Job properties on Setup Definitions in JAMS V6 to Schedule Items and/or Properties on Sequence Tasks in JAMS V7.1.557.
      • Updated the Sample Jobs to use the Samples Credential.
      • Updated the Current Schedule Report in V6.X for JAMS V7.1.557.
  • Desktop Client
    • Added additional available columns to the History, Job, and Monitor Views for better visibility and usability.
    • Included a new PowerShell button to let a user open PowerShell ISE and edit the Job source.
    • Added the ability to create an Audit report.
    • Added right-click options for "Select All" and "Copy" to the Log File in the Monitor Detail.
    • Added the ability to change the Agent Type and Platform when editing an Agent Definition, if the Agent is not referenced by other JAMS Objects.
    • Added the ability to change the Connection Type when editing a Connection Definition, if the Connection Type is not referenced by other JAMS Objects.
    • Updated the Sequence Editor and Viewer to display inherited Properties and Schedule Items for a Submit Job Task and allow overriding of values.
    • Updated the Monitor View to add new right-click options to view Sequences and Workflows within the Entry Details screen.
    • Added a Monitor View query option to filter by Entries submitted by a user.
  • Scheduler
    • Added the Schedule for Date and Scheduled Time properties for Triggers.
    • Added support for AmazonS3 Connections on File Transfer Sequence Tasks.
  • Web Client
    • Added additional available columns to the History, Job Definition, and Monitor Views for better visibility and usability.

 

Other Fixes
  • API
    • Resolved an issue where Job properties were not updated properly when performing a POST to api/submit.

  • Desktop Client
    • Resolved an issue where the order of Parameters was not saved.

    • Resolved an issue where an error occurred when submitting a File Transfer Task on a SFTP Connection Store.

    • Updated the help text for the Success or Failure Trigger Parameter.

    • Resolved an issue where all columns could be removed from the Definitions screen.

    • Added a warning dialog when attempting to delete an Execution Method that is in use by existing Job Definitions.

    • Updated the Monitor View to display the row count for only the active tab.

    • Resolved an issue where renamed Agents were incorrectly displayed in Queues.

    • Updated the error description on the SQL Stored Procedure Task when it fails to retrieve stored procedures from the database.

    • Resolved an issue where the Pass Parameters value on the PowerShell and PowerShell32 Execution Methods were set incorrectly after upgrading from JAMS V7.0 to V7.1.

    • Resolved an issue with Informatica Cloud Jobs where edits to the selected Task may not be saved after closing and re-opening the Job.

    • Resolved an issue where moving a Sequence Task would display an error when using a JAMS V7.1 Client with a JAMS V7.0 Server.

    • Updated the descriptions for the Server Name and Node Name on the JAMS Agent Edit screen.

  • PowerShell
    • Resolved an issue where the Stop-JAMSEntry command was not properly using the -FolderName option.
    • Resolved an issue that prevented the folder's qualified name from being fully displayed.
    • Resolved an issue where the Variable Delete() method could only delete Variables in the Root Folder.
  • Scheduler
    • Resolved an issue with the Mail Watch Job property not converting from 7.0 IMAP Agents to 7.1 Connection Store objects.
    • Resolved an issue where inherited permissions were changed to explicit permissions after changes to folder security.
    • Resolved an issue with SSL mode in FTP Workflow activities.
    • Resolved an issue where the Debug mode did not disable recurrence options when the Job is submitted via PowerShell.
    • Optimized the Sequence editor to let a user view the Job properties by right-clicking on a Submit Job Task.
    • Optimized the memory usage in the JAMS Server for Projected Schedule with a large number of Jobs.
    • Resolved an issue where a Duplicate Interval Error was displayed for Jobs with a Retry and Interval Triggers.
    • Added support for the latest version of the Informatica API.
    • Added SCOM Notify objects to the Schedule tab.
    • Resolved an issue that could prevent Job log files from being copied to the common log location.
    • Resolved an issue that could cause the S3Session Activity for Workflow Jobs to display a System.NullReferenceException error.
    • Resolved an issue where Jobs or Sequences were failing with a final status of "Job was executing, sending missing event". The issue also caused Entries to stay in the "executing" state and Interval Triggers to stop executing.
    • Resolved an issue where a Job that was waiting on a precheck Job could not be released from its precheck requirement.
    • Resolved an issue where an FTP Job failed and displayed an error message indicating it was unable to get the file size.
    • Resolved an issue where Audit Trail Entries were duplicated in the Monitor Detail View.
    • Resolved an issue where a user without Submit access to all Jobs may see a "Submit access to this Job was denied" error when opening a Projected Schedule.
    • Restored the ability to manually cancel a Job Entry and override the CompletedKept value to remove the Entry from the Monitor View.
    • Added support for multiple Schedule Windows on Jobs.
    • Resolved an issue where the ScheduleMaxDownAction was not taken when the ScheduleMaxDowntime was exceeded.
    • Resolved an issue where date-specific Job Dependencies with Depend on Date = "today" would not look more than 5 hours in the past.
    • Resolved an issue where a Schedule Window action of No Action was not used for auto-submitted Jobs.
    • Updated support for Date/Time comparisons in Variable Triggers.
    • Improved the Monitor View performance by clearing all related and completed Entries when an Entry is restarted.
    • Updated to allow unattended installations of JAMS without specifying the path for the JAMS Database and log file.
    • Updated to remove precheck Jobs based on their retain settings to reduce the number of repeating Entries.
    • Improved the performance of large Sequence Jobs entering the Monitor View.
    • Resolved an issue with using private key Credentials in a File Transfer Job.
    • Improved error reporting on the JAMSConvertHistoryJob Job that is used to convert history records from JAMS V6.X to JAMS V7.1.557.
  • Web Client
    • Resolved an issue to correctly display the time between 12:00PM and 12:59PM.
    • Resolved an issue where days or months could not be changed in the calendar for the Audit Trail and Projected Schedule Views.


Powertech


BoKS Web Services Interface

Version 7.1.0.2

Apr 9, 2020

  • Added the ability to set a configurable timeout for calls to the BoKS admin server, BCCAS. You can configure the time for the timeout. If the call fails, an error is logged. Request timeout is configured using the parameter requesttimeout in the config.yaml file and is specified in seconds. The default is 60 seconds.

  • Added enhanced error logging capabilities for failed requests.

  • Fixed an issue where an incorrect content length setting for UTF-8 characters in combination with the system locale not being set to UTF-8 could cause the WSI server to stop responding.

  • Update of third-party dependencies.

Compliance Monitor

Version 4.1

Apr 27, 2020

  • Security information for the connection certificate is now encrypted for installations in which TLS is used to encrypt communication between the Consolidator and the browser-based user interface.

Exit Point Manager

Version 7.24

Apr 16, 2020

  • A problem causing incorrect hex-encoded SQL transaction data in reports has been resolved.
  • PTNSLOGEXT no longer omits *FTPSIGNON activity when the Include User Profile (USR) parameter is used.
  • A problem causing some reports to omit column headings from stream-file output has been resolved.
  • Errors in the help text for the PNSLOGEXT command have been corrected.
  • A problem that caused the PNSLOGEXT command to fail when processing failed journal entries has been resolved.
  • An issue that could cause missing QSOCONNECT transactions on reports has been corrected.
  • A problem causing functions to display as numeric values instead of text has been resolved.

Password Self Help

Version 3.004

Apr 27, 2020

  • An issue causing the "Same Answer Allowed" setting to fail in some configurations has been corrected.
  • The message "unsupported version of PSH installed" no longer incorrectly appears when creating a product connection to a supported version of Password Self Help from HelpSystems Insite. The correct product version is now displayed.

Risk Assessor

Version 3.1

Apr 14, 2020

  • A problem causing ‘/’ to be incorrectly listed in place of ‘/QOpenSys’ in the SKYASSESS document has been corrected.
  • An issue causing the SKYGRPPTF report to be empty when the IBM i does not have an Internet connection has been resolved. The report is now populated with the group PTFs that are currently installed.
  • In the System Value table of the SKYASSESS document, the QATNPGM value is no longer incorrectly flagged as deviating from the Recommended setting. (It is at the recommended setting.)
  • An issue causing the PTF Group SF99333 to be incorrect in the SKYGRPPTF report in some cases has been corrected.
  • A CPF3309 error caused by a large number of trigger programs on the system has been addressed, and no longer results in assessment failures.

SIEM Agent for IBM i

Version 4.1

Apr 2, 2020

  • Outputs can no longer be created without specifying a Format.
  • A problem causing incorrect data to be added to T:SV (System Value change) transactions has been resolved.
  • A rules processing improvement removes the requirement to create catch-all rules in certain scenarios, improving the user experience.
  • The inability to resolve the IP address when a fully qualified domain name is set as the Location for an Output has been corrected.
  • A journal monitor performance issue has been resolved.
  • The inability to create Output files in some scenarios has been corrected.
  • A problem causing the field values in Conditions to not be included in copied rules has been resolved.


Robot


Robot Reports

Version 7.72

Apr 13, 2020

  • Fixed issue with extended subject line compatibility for Alert 6 and above.


Sequel


Viewpoint 11

Version: 11.20.093

Apr 7, 2020

Other Fixes
  • Improved visualization of the join relationships in the View Designer File & Field tab.

  • The Excel Add-in supports views with *SERVER syntax.


Showcase


Viewpoint 10

Version: 10.20.093

Apr 7, 2020

Other Fixes
  • Improved visualization of the join relationships in the View Designer File & Field tab.

  • The Excel Add-in supports views with *SERVER syntax.

C&DS Migration Utility

Version: 10.20.093

Apr 7, 2020

  • No updates for this release.


Titus


Titus Classification Suite for Mac

Version 2020.0

April 2020

Enhancements
  • The product now generates sufficient logs at all levels, through Apple’s native logging system, to help trace activities and diagnose problems. Administrators can troubleshoot on the client machine with the native logging system Apple provides, without third-party applications.

  • EWS dependencies have been removed in order to unblock enterprise deployment and to improve the send process efficiency in Outlook. The product can be distributed more easily through an MDM solution without use of App Password. Also, product performance has been improved.

Other Fixes
  • When the TMC add-in is not installed in TCS for Mac and Outlook is unchecked in automation setting, TCS for Mac still flags the error - "Automation (disabled) must be enabled for Office Apps to use TCS for Mac"

  • A custom property is interpreted as numbers in Word, while Excel and PowerPoint represent this value accurately in the custom property tab.

  • When Titus Add-in is installed, the Add-in UI is not loaded in Word/Excel/PowerPoint, and the “Developer Add-ins” dialog remains open.

Titus Classification Suite for Windows

Version 2020.1

April 2020

New Features
  • Titus Classification for Desktop allows a user to apply Titus metadata to a file which could automatically trigger VERA protection to secure files.

Enhancements
  • Improvements were made for accessibility, usability, user experience, and to handle display scale factor changes dynamically.

  • Titus has ensured the color icons and Field Values in the Ribbon and the Select dialog align properly.

Other Fixes
  • Configuration files did not download to client systems when using HTTPS if only Transport Layer Security (TLS) 1.2 was enabled. If TLS 1.0 or 1.1 was enabled, configuration files downloaded as expected.

  • When replying to emails received with a First Line of Text (FLOT), only one condition value was shown when there were multiple. During FLOT parsing, multiple values were being selected for classification.

  • A trusted label icon appeared on some emails even though the Trusted Labels functionality was not enabled in the configuration.

  • Rich text formatting in Policy Alerts was not showing with the proper format.

  • Non-Titus watermarks were removed when Titus metadata and markings were updated on Microsoft Word documents that were already classified.

  • The FLOT parser was only considering the first line from patterns when finding a match.

  • The Australian Email Protective Marking Standard parser evaluated the namespace from the Sender’s email instead of the gov.au namespace.

  • If a user activated the "TITUS Software License Agreement", the focus was not in the scrollable area of the text window.

  • When trying to open the http://www.titus.com link from the About dialog box using a keyboard, users had to go through several keystrokes to activate the link.

  • Ribbon Help/Select text was not shown when opening classified messages.

  • Schema Downgrade rules could be bypassed by canceling the Select dialog.

  • Long (multi-line) schema field name text was truncated in the Select dialog.

  • Drop-down fields containing numerous (100+) values sometimes displayed with blank entries in the Select dialog.

Version 2020.0 SP1 HF2

April 2020

Other Fixes
  • If the ‘Suggested’ field in a schema value is set to ‘No’, then Patrol will not detect an unclassified file if the rule in the policy uses “” as the condition when checking File.Metadata.Classification.
