CVE-2022-40325: 22.1.65 Release Notes - On-Premises Releases

SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262.

Updated on 28 Jul 2022

GA June 6, 2022

Feature Requests

FR# 52960 (Analytics): Reports generated in Excel are now exported in XLSX format, for a better experience and support for extra-large files.
FR# 54161 (Patch Management): Improved the Patch Management implementation mechanism to resolve Apache HTTPD vulnerability errors. (This also covers FR# 58032.)
FR# 52260 (CMDB): Admins can map CI fields to the Owner Group field when importing CIs into SysAid's CMDB.
FR# 64356 (Help Desk): Created a new '$ReopenSR-requires_login' tag for ticket notifications. Using this tag verifies that the user who clicked the link is logged in to SysAid before the SR is updated.
FR# 51918 (Help Desk): A new check box in the Escalation Rules form allows admins to set reminders on action items. Configuration requires custom user fields and action item dependencies.
FR# 53457 (Help Desk): Admins can filter columns in the routing rules list by specific values.
FR# 60457 (Help Desk): Two new variable tags can be added to ticket notifications, in both the recipient field and the body of the notification:
  • $RequestUserManager – the direct manager of the ticket's request user.
  • $AIAssigneeDirectManager – the direct manager of the user assigned to the action item.
FR# 66409 (Self-Service Portal): Improved performance when loading the Self-Service Portal in several sections: catalogue items, FAQs, new ticket and category display, and drop-downs. This also addresses bugs 65724, 60463, and 54442.
FR# 53656 (Self-Service Portal): Admins can define how many tickets are displayed on the Self-Service Portal scoreboard page when the end user clicks Show All.
FR# 60979 (Self-Service Portal): Improved performance when loading tickets in the scoreboard.
FR# 66129 (Self-Service Portal): Added validation when end users self-register for the Self-Service Portal.
FR# 67236 (Knowledge Base): Removed the capability to import and export knowledge base articles to and from the SysAid Community, in preparation for the relaunch of the community.
FR# 65579 (Security): Tightened security around potential XSS vulnerabilities (also covers bug #66542).
FR# 65584 (Security): Tightened security around the change-password capability on the My Settings page.
FR# 67238 (Security): Removed or restricted access to certain vulnerable files on the SysAid server. This also covers FR# 67237.
FR# 67241 (Security): Tightened security against potential XSS (cross-site scripting) attacks in the Password Services module.
FR# 67258 (Security): Tightened security against potential XSS attacks via the Linked SRs field.
FR# 67262 (Security): Tightened security against potential XSS attacks in the Asset Dashboard (the issue later tracked as CVE-2022-40325).
FR# 66686 (Security): Added validation of file types when attachments are uploaded to SysAid (see SysAid's list of supported file types). This covers CVE-2021-22796.
FR# 52825 (Asset Management): Admins can now sort the Asset list by the Last Access Time column in ascending or descending order.
FR# 64635 (Third-Party Integration): Changes were made to the Microsoft Azure interface. We updated the online help for the O365 integration to include the needed configuration changes.
FR# 65264 (Third-Party Integration): Updated our documentation for setting up the OneLogin SSO integration in response to changes in OneLogin's requirements.
FR# 61365 (Security): Tightened security around access to LDAP-imported users via the API. This covers CVE-2021-36721.
FR# 66692 (Security): Tightened security around access for non-admin users. This covers CVE-2022-22798.
FR# 67656 (Security): Tightened security against potential cross-site scripting (XSS) attacks. This covers CVE-2022-23165. This also covers FR# 5209.
FR# 67655 (Security): Tightened security around access to vulnerable files on the SysAid server. This covers CVE-2022-23166.
FR# 66687 (Security): Resolved vulnerabilities related to Apache Tomcat.
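FR# 66686 only says that attachment file types are now validated. The following is an added example of what such a check looks like when done properly; it is not SysAid's code, and the allowlist, the magic-byte signatures, the executable-extension denylist and the size cap are assumptions chosen for illustration (the release notes do not publish the supported-type list). The point it makes: decide on the sanitized file name, the extension chain and the leading bytes of the content, and never on the Content-Type header, which the uploader controls.

```python
"""Allowlist-based attachment validation.

Added example, not SysAid's code: the release notes only say that 22.1.65
validates file types on upload. The allowlist, the signatures and the
executable-extension denylist below are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

# Assumed allowlist: lowercase extension -> acceptable leading bytes.
# An empty tuple means the type has no reliable signature (plain text).
ALLOWED_TYPES: Dict[str, Tuple[bytes, ...]] = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "xlsx": (b"PK\x03\x04",),   # OOXML is a zip container
    "docx": (b"PK\x03\x04",),
    "txt": (),
}

# Assumed denylist of extensions a servlet container or web server might
# execute; they are rejected even when hidden as an inner extension
# (e.g. cmd.jsp.txt).
SERVER_EXECUTABLE = {"jsp", "jspx", "jspf", "php", "asp", "aspx",
                     "cgi", "sh", "exe", "war", "jar"}

MAX_BYTES = 25 * 1024 * 1024  # assumed size cap


@dataclass(frozen=True)
class Verdict:
    accepted: bool
    reason: str
    safe_name: str = ""   # the name the file should be stored under


def sanitize_filename(name: str) -> str:
    """Keep only the final path component and drop characters that are
    unsafe in file names; this stops '../' style names from escaping the
    attachment directory."""
    base = name.replace("\\", "/").split("/")[-1]
    base = "".join(c for c in base if c.isprintable() and c not in '<>:"|?*')
    return base.strip(" .")


def validate_attachment(filename: str, data: bytes) -> Verdict:
    """Decide on extension, inner extensions and file signature, never on the
    client-supplied Content-Type header, which the uploader controls."""
    safe = sanitize_filename(filename)
    if not safe or "." not in safe:
        return Verdict(False, "missing file name or extension")
    parts = safe.lower().split(".")
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        return Verdict(False, f"extension .{ext} is not allowlisted")
    hidden = SERVER_EXECUTABLE.intersection(parts[1:-1])
    if hidden:
        return Verdict(False, f"inner extension {sorted(hidden)} could be executed server-side")
    if not data:
        return Verdict(False, "empty file")
    if len(data) > MAX_BYTES:
        return Verdict(False, "file exceeds size limit")
    signatures = ALLOWED_TYPES[ext]
    if signatures and not any(data.startswith(sig) for sig in signatures):
        return Verdict(False, f"content does not match the .{ext} signature")
    if not signatures and b"\x00" in data:
        return Verdict(False, "binary content in a text-only type")
    return Verdict(True, "ok", safe)


if __name__ == "__main__":
    # Constructed sample uploads, not real files.
    samples = [
        ("report.pdf", b"%PDF-1.7\n%..."),
        ("shell.jsp", b"<% Runtime.getRuntime(); %>"),
        ("invoice.pdf", b"<% out.println(1); %>"),   # JSP source renamed to .pdf
        ("../../ROOT/x.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("notes.txt", b"hello\x00world"),
        ("cmd.jsp.txt", b"harmless text"),
    ]
    for name, blob in samples:
        print(name, "->", validate_attachment(name, blob))
```

Signature checks only prove the file starts like the claimed type; a polyglot (a valid image carrying script in trailing bytes) still passes, so the stored file must also be served with a fixed Content-Type, a `Content-Disposition: attachment` header and from a location the container does not execute.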

Bug Fixes

Bug #61655 (Analytics): Fixed a bug that caused an empty list page to open when admins clicked the Highest Values graph in the Dashboard.
Bug #64779 (Asset Management): Fixed a bug that caused SysAid to create duplicate asset records when the asset ID generated by the SysAid agent consisted of only one digit.
Bug #57188 (Asset Management): Fixed a bug that prevented SysAid from displaying changes to an admin's Company, Location, and Department fields on an asset that was automatically assigned to that admin.
Bug #66131 (Asset Management): Fixed a bug that generated errors when an admin attempted to import Chromebook devices that were missing an Auto-update expiration date.
Bug #64125 (Asset Management): Fixed a bug that caused a timeout when admins tried to export the list of assets that were using a software product.
Bug #52731 (Dashboard): Fixed a bug that prevented SysAid from properly displaying graphs in the dashboard when the dashboard headers contained certain special characters.
Bug #65798 (Email Integration): Fixed a bug that sometimes caused timeouts when SysAid was loading the email rules page.
Bug #66132 (Email Integration): Fixed a bug that caused SysAid to ignore certain user parameters in routing rules on tickets generated via email, when email integration was configured with the OAuth 2.0 protocol.
Bug #65211 (Help Desk): Fixed a bug that sometimes prevented admins from changing the order of routing rules.
Bug #65409 (Help Desk): Fixed a bug that caused escalation rules to run outside of the defined operating hours.
Bug #66388 (Mobile): Fixed a bug that sometimes prevented users from logging in to the Mobile solution after they had logged out.
Bug #65757 (Self-Service Portal): Fixed a bug that prevented the Self-Service Portal from displaying the profile menu when it was opened via the hotkey.
Bug #64572 (Self-Service Portal): Fixed a bug that caused the agent hotkey to open the now-deprecated End-User Portal when the Self-Service Portal was disabled in that account.
Bug #65199 (Self-Service Portal): Fixed a bug that prevented end users from automatically downloading the ticket attachment after logging in to the Self-Service Portal when they clicked the '${LinkToAttachments}' tag in a ticket email notification.
Bug #65353 (Self-Service Portal): Fixed a bug that sometimes prevented content generated by category pointers from appearing in the service catalog.
Bug #65363 (Service Desk): Fixed a bug that sometimes generated an error when admins tried to populate data in a workflow template with many action items.
Bug #63121 (Service Desk): Fixed a bug that prevented the Self-Service Portal's Scoreboard from displaying any items in the full Workflow Actions list when one of the workflow actions on the list had been deleted from its template.
Bug #64086 (Third-Party Integration): Fixed a bug that prevented SysAid from sending emails with attachments larger than 3 MB when email integration was configured for O365 using the OAuth 2.0 protocol.
Bug #66123 (Third-Party Integration): Fixed a bug that caused the 'Can be assigned to service record' setting to revert to its default for Azure-imported user groups when SysAid synced with Azure.
Bug #66620 (Third-Party Integration): Fixed a bug that prevented Azure-imported admins from seeing tickets assigned to their group.
Bug #65590 (Third-Party Integration): Added the capability to remove configurations on the Multi SSO Connector setup page, along with other minor UI updates.
Bug #65802 (Third-Party Integration): Fixed a bug that prevented admins from changing the HTML displayed on their login screen for the SSO Connector add-on.
Bug #57227 (User Management): Fixed a bug that caused users who were demoted from admin to end user to retain some of their original admin permissions.


Related news

CVE-2022-22798

Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest; after that, the system redirects him to the service portal or EndUserPortal.JSP. He then needs to change the path in the URL to /ConcurrentLogin%2ejsp, after which he receives an error message with a login button; by clicking on it, he connects to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files and deleting calls from the system.
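The bypass described above has the shape of an authorization check that compares the raw, still-encoded request URI against its protected-page list: `/ConcurrentLogin%2ejsp` is not on the list as a string, while the servlet container decodes it and dispatches to the real page. The block below is an added example, not SysAid's code and not a reconstruction of the actual defect. It puts a naive filter beside a hardened one that canonicalizes first, and then runs a detection pass over constructed access-log lines to find the same trick after the fact. The protected-page list (`ADMIN_ONLY`), the role names, the `;jsessionid` stripping and the log format are assumptions.

```python
"""Normalize the request path before authorizing it.

Added example, not SysAid's code. The protected-page list, the role model and
the access-log lines are assumed or constructed for illustration.
"""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Hypothetical list of pages that should require an admin session.
ADMIN_ONLY = {"/ConcurrentLogin.jsp", "/Dashboard.jsp"}


def naive_is_allowed(raw_path: str, role: str) -> bool:
    """Vulnerable pattern: the un-decoded path is compared verbatim, so
    '/ConcurrentLogin%2ejsp' is not equal to the protected entry."""
    return role == "admin" or raw_path not in ADMIN_ONLY


def canonicalize(raw_path: str) -> Optional[str]:
    """Return the path the container will actually dispatch on, or None if it
    cannot be brought to a stable form (treat that as a deny)."""
    # Drop the query string and a ';jsessionid=...' style path parameter
    # (assumed Tomcat behaviour); neither selects the servlet.
    path = raw_path.split("?", 1)[0].split(";", 1)[0]
    # Decode until the string stops changing so %252e (double-encoded) is
    # caught too; refuse inputs that keep changing, they are not honest paths.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None
    if "\x00" in path:
        return None
    path = path.replace("\\", "/")
    path = posixpath.normpath(path if path.startswith("/") else "/" + path)
    while path.startswith("//"):   # normpath keeps exactly two leading slashes
        path = path[1:]
    return path


def hardened_is_allowed(raw_path: str, role: str) -> bool:
    """Authorize on the canonical form, never on the raw request URI."""
    path = canonicalize(raw_path)
    if path is None:
        return False
    return role == "admin" or path not in ADMIN_ONLY


# Detection side: accepted requests whose path (not query) carried an encoded
# '.', '/' or '\'. Common log format as written by Tomcat's AccessLogValve is
# assumed.
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})\b'
)
ENCODED_SEPARATOR = re.compile(r"%(2e|2f|5c)", re.IGNORECASE)

# Constructed sample lines; 203.0.113.7 rewrites the path and is served 200.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jun/2022:10:01:02 +0000] "GET /EndUserPortal.jsp HTTP/1.1" 200 5120',
    '203.0.113.7 - - [07/Jun/2022:10:01:09 +0000] "GET /ConcurrentLogin%2ejsp HTTP/1.1" 200 2200',
    '198.51.100.4 - - [07/Jun/2022:10:02:00 +0000] "GET /ConcurrentLogin.jsp HTTP/1.1" 302 0',
    '203.0.113.7 - - [07/Jun/2022:10:03:00 +0000] "GET /Dashboard.jsp?ref=%2e HTTP/1.1" 403 0',
]


def suspicious_encoded_requests(lines: List[str]) -> List[Tuple[str, str, Optional[str], int]]:
    """Return (ip, raw path, canonical path, status) for requests that encoded
    a path separator or dot in the path itself and were not rejected."""
    hits = []
    for line in lines:
        m = ACCESS_LOG_RE.match(line)
        if not m:
            continue
        raw = m.group("target").split("?", 1)[0]
        status = int(m.group("status"))
        if ENCODED_SEPARATOR.search(raw) and status < 400:
            hits.append((m.group("ip"), raw, canonicalize(raw), status))
    return hits


if __name__ == "__main__":
    probe = "/ConcurrentLogin%2ejsp"
    print("naive   :", naive_is_allowed(probe, "guest"))      # True: bypassed
    print("hardened:", hardened_is_allowed(probe, "guest"))   # False
    for hit in suspicious_encoded_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```

The rule in the hardened version is the one that matters for any app-level filter sitting in front of a container: compare what the container will dispatch on, not what the client sent. On the detection side, an encoded dot or slash in the path portion of a request that was answered with 2xx/3xx is worth a ticket on its own, whatever the application.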

CVE-2022-23166

Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access the system by accessing the "/lib/tinymce/examples/index.html" path. In the "Insert/Edit Embedded Media" window, choose Type: iFrame and File/URL: [here is the LFI]. Solution: Update to 22.2.20 cloud version, or to 22.1.64 on-premise version.
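The entry point named above is a bundled editor's demo page that should never have been deployed, and FR# 67238/67655 describe the fix as removing or restricting such files. After upgrading, the thing to verify is that those paths no longer answer an anonymous client. The block below is an added example of that check, not SysAid's code: it takes the one path this page names and adds Tomcat's stock sample and management webapps as an assumed list, does a GET with no cookies and without following redirects (a 302 to the login page must be reported as a 302, not as the 200 of the login page), and has an injectable fetcher plus constructed canned responses so it can be run offline.

```python
"""Post-upgrade reachability check for files that should not be served.

Added example, not SysAid's code. Only the tinymce path is taken from the
CVE description on this page; the Tomcat paths are an assumed addition.
"""
import urllib.error
import urllib.request
from typing import Callable, Dict, List

# Path named on this page first, then assumed Tomcat defaults.
DEFAULT_PATHS = [
    "/lib/tinymce/examples/index.html",
    "/examples/",
    "/docs/",
    "/manager/html",
    "/host-manager/html",
]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report the 3xx itself instead of following it to the login page."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def urllib_status(url: str) -> int:
    """HTTP status for an unauthenticated GET: no cookies, no redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "exposure-check"})
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_exposed_paths(base_url: str,
                        paths: List[str] = DEFAULT_PATHS,
                        fetch: Callable[[str], int] = urllib_status) -> Dict[str, int]:
    """Return {path: status}. A 200 means the resource is served to an
    anonymous client and should be removed or access-restricted."""
    base = base_url.rstrip("/")
    return {p: fetch(base + p) for p in paths}


def exposed(results: Dict[str, int]) -> List[str]:
    return sorted(p for p, status in results.items() if status == 200)


# Constructed responses standing in for a server that still ships the
# editor demo page but has the Tomcat extras removed or password-protected.
CANNED_RESPONSES = {
    "https://sysaid.example/lib/tinymce/examples/index.html": 200,
    "https://sysaid.example/examples/": 404,
    "https://sysaid.example/docs/": 404,
    "https://sysaid.example/manager/html": 401,
    "https://sysaid.example/host-manager/html": 401,
}


def canned_status(url: str) -> int:
    return CANNED_RESPONSES.get(url, 404)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        results = check_exposed_paths(sys.argv[1])          # live check
    else:
        results = check_exposed_paths("https://sysaid.example/", fetch=canned_status)
    for path, status in results.items():
        print(f"{status}  {path}")
    print("exposed:", exposed(results) or "none")
```

One caveat: some applications answer every unknown URL with a 200 login page, so a 200 alone is not proof of exposure; when that is the case, compare the response body (or its length) against a request for a path that certainly does not exist before reading anything into the status.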
