5.7.5

Security

  • Fixed security issues with AngularJS 1.3.9 by upgrading to 1.8.2 -JO
  • Fixed various XSS security issues with older version of Bootstrap 3.3.x by upgrading to 3.4.1 in both Desktop and Mobile -JO
  • Fixed various XSS security vulnerabilities in Manage Users, Notification Settings, Agent Management, and Deploy Dashboard pages (thanks Namratha) (CVE-2020-27988, CVE-2020-27989, CVE-2020-27990, CVE-2020-27991) -JO
  • Fixed privilege escalation security vulnerability with Auto-Discovery PHP script (thanks Chris Lyne of Tenable) (CVE-2020-28648) -JO
  • Fixed authenticated remote code execution in Auto-Discovery component (thanks Shahar Zini and Samir Ghanem from Skylight Cyber Security) -JO

Fixed

  • Fixed mobile redirect when trying to access the rapid response URL [TPS#15372] -JO

Component Updates

Core Config Manager (CCM) 3.0.8

  • Fixed various XSS security vulnerabilities in overlay and notification/check period -JO
  • Fixed issue with command escaping in Test Check Command [TPS#15167] -JO