Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-19034: AssetExplorer ITAM Solution ServicePacks Readme

Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.

CVE
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#google#microsoft#ubuntu#linux#debian#cisco#red_hat#dos#redis#js#git#java#oracle#intel#rce#perl#ldap#samba#ssrf#pdf#vmware#log4j#bios#buffer_overflow#oauth#auth#ssh#telnet#dell#postgres#chrome#firefox#sap#ssl

ManageEngine AssetExplorer 6.9****Behavior Changes: in 6988 (Released on: 24 January 2023)

  • AEI-106790 : Users can upload images with a maximum of 16000000 pixels across all modules.

Enhancements:

  • AEF-106684 : Added options to choose the parent software while reconciling software.

Issues Fixed:

Vulnerability

  • AEI-106331 : Cleartext passwords transmission vulnerability in backup scheduling.
  • AEI-106815 : Sensitive data exposure vulnerability in reports.
  • AEI-106993 : Sensitive data printed in logs.
  • AEI-106855 : Authentication bypass vulnerability in Two-Factor Authentication login page
  • AEI-106790 : Denial of Service (DoS) vulnerability detected when uploading images continually in the application.

Assets

  • AEI-106762 : Web RDP fails while integrating the application with Endpoint Central. The issue occurs only when the application runs in HTTPS mode.
  • AEI-106717 : After an asset scan, the site associated with Cisco IP phones is getting reset unexpectedly.
  • AEI-102547 : Performance improvements in agent-based scans.

Software

  • AEI-106589 : Unable to add or update license agreements when the Terms, description and PO# fields are empty.

Admin :

  • AEI-107094 : Users are incorrectly marked as deleted in Active Directory’s deleted users sync.
  • AEI-100738 : Importing users from Active Directory via automatic delta imports is getting failed in some cases.
  • AEI-106370 : In some cases, unable to delete sites or application performance is slow while deleting sites.
  • AEI-106761 : Customized Asset Explorer logo is not displayed on the Two-Factor Authentication login page.
  • AEI-107336 : ‘Content type not found’ error is thrown while uploading attachments in some cases.

Going forward, administrators upload sample files for an extension with different content type under Admin > Attachment Settings > Add new extension to avoid this error.

Reports :

  • AEI-107820, AEI-107619 : Date column values are duplicated in Advanced Matrix Reports.

General :

  • AEI-103173 : Users are logged out of the application unexpectedly in some cases.
  • AEI-106308 : In some cases, null pointer exception is thrown in the Update Manager during migration.

Behavior Changes: in 6987 (Released on: 23 December 2022)

  • AEI-107307 : AE-####: Module delimiter will not be appended in the notification email subject if it is not configured in the respective notification template

Issues Fixed:

Vulnerability

  • AEI-106843 : XSS vulnerability in credentials of asset details page.

Reports

  • AEI-105434 : Error thrown if the To field in Schedule report settings contains more than 100 characters.
  • AEI-105987 : Date column values in Advanced Matrix Reports are not displayed as per the time zone.

Login

  • AEI-104934 : After saving the login credentials in Firefox and logging out of the application, the login page is rendered with two Domain fields.

Mobile App

  • AEI-106486 : An incorrect error message is displayed during concurrent login in AssetExplorer Android and iOS applications.
  • AEI-107051 : Unable to receive push notifications in AssetExplorer mobile application or connect to mail servers from the web application after upgrading to build 6985 or above.

API

  • AEI-106035 : GET requests in CMDB API fail after migrating to AssetExplorer 6980.

Behavior Changes: in 6986 (Released on: 01 December 2022)

  • AEI-106528 : The maximum number of attachments per record is now 50 across all modules.
  • AEI-34511 : You can now view the details of the user who uploaded the attachment along with the time by hovering over the attachment.

Enhancements

  • AEF-106528, AEF-106530 : Attachment and Inline Image Enhancements

    • You can now download all attachments added to a record simultaneously as a ZIP file using the Download all option.
    • The throttle limit for the number of files uploaded as attachments per minute is now increased to 15. Note that the number of files that can be selected and uploaded simultaneously is 10.
    • Inline images within a module can now be accessed by users only if they have permission to the module. This change is applicable only for new images added after migrating to build 6986.
    • Inline images are now stored in the same location that is configured as the attachment storage location.
  • AEF-106821 : Admin History

    View History allows you to view all admin configuration activities.

    To learn more, click here.

  • AEF-100705 : Add new extensions in Attachment Settings

    Administrators can now include or exclude attachments files added based on the file extensions.

    • Attachment settings can be set under Admin > General Settings.

    To learn more, click here.

  • AEF-101026 : Default HTTPS Mode

Beginning with 6986, new AssetExplorer installations will start in HTTPS mode by default. A valid SSL certificate must be uploaded to establish a secure connection between clients and AssetExplorer. To upload an SSL certificate, go to Admin > General Settings > Import SSL.

Note :

  • Installations migrated to 6986 build will continue to use the previously configured mode.
  • Option to switch between HTTP and HTTPS mode will continue to be supported.
  • An insecure connection error will be displayed by browsers when running the application in HTTPS mode, without a valid SSL certificate.

Issues Fixed: in 6985 (Released on: 18 November 2022)

Admin

  • AEI-106028 : Scroll bar in the bell notifications panel is missing in higher-resolution displays.
  • AEI-105658 : In the Active Directory deleted users sync, users who are incorrectly identified as deleted users are not getting updated during the next deleted user sync when the delete manually option is enabled.
  • AEI-105482 : Unable to send mails if the “name<email>” format is used in the To field while using EWS for mail server settings.
  • AEI-103395 : Deprecated TLS versions (TLSv1 and TLSv1.1) are displayed under Server Port and Protocol Configuration in Admin > Security Settings > General.

Mobile App :

  • AEI-88560 : Users are not logged out from AssetExplorer mobile application when the local authentication password is reset.

Behavior Changes: in 6984 (Released on: 10 November 2022)

  • AEI-104243 : AssetExplorer integration with SCCM now supports Windows authentication single sign-on (SSO).
  • AEI-103099 : Autocomplete is deprecated for confidential fields (Host, Port, Username, and Password) in the agent configuration proxy form.
  • AEI-105673 : While adding assets through form, Site field is not mandated for technicians with Complete Access permission to Assets module.
  • AEI-104107 : License agreement expiry notification emails will now include complete license agreement details.

Issues Fixed :

Assets :

  • AEI-105182 : Time values of certain fields are inadvertently shown in epoch time format in the asset scan history and update scan data pop-up.
  • AEI-103731 : The content in Endpoint Central upgrade notification mismatches with the tooltip displayed when hovering over the notification.
  • AEI-106139 : During asset scan, VMs and assets added under Admin > Discovery > Scan Settings > Invalid Service tags are duplicated.

Admin :

  • AEI-104148 : In the SolarWinds server settings page, the special characters in the username are incorrectly shown as HTML-encoded values.
  • AEI-104731 : Post upgrade to 6977 build and above, SolarWinds CleanUp schedule is executed periodically even if the integration is disabled
  • AEI-104149 : Data sync fails during SolarWinds integration if an asset contains more than 50 characters in the sysLocation field.

API :

  • AEI-105756 : After upgrading to build 6980, the V3 API URL with slash at the end (for example: /api/v3/assets/) does not work.

Framework Upgrade Information: in 6983 (Released on: 27 October 2022)

  • AEI-106148 : CVE-2022-47966 : Pre-Auth RCE vulnerability when SAML authentication is enabled

Framework Upgrade Information: in 6982 (Released on: 22 October 2022)

  • AEI-105062 : Jquery upgraded to 3.6.0
  • AEI-104849 : Jquery UI upgraded to version 1.13.2.
  • AEI-103970 : Jquery validation JAR upgraded to 1.19.5.

Issues Fixed :

Vulnerability :

  • AEI-106069 : CVE-2022-42889 : Commons-Text JAR upgraded to 1.10.0.

General :

  • AEI-105280 : Upgrade failure because of different collation in the SQL server.
  • AEI-105175 : Schedules work only intermittently because of incorrect date format in the SQL server.

Enhancements : in 6981 (Released on: 13 October 2022)

  • AEF-104587 : Users can perform global search for SNMP devices using the manufacturer serial number in Assets and CMDB module.

Issues Fixed:

Assets :

  • AEI-104873 : If the URL host name contains Software, the Software module is selected by default in the global search filter.
  • AEI-102443 : An unwanted error message is displayed while modifying the type of an IT asset to another IT asset.
  • AEI-104701 : Unable to generate barcode starting with 00 while adding new assets or associating existing assets under Assets > Barcode Generation.
  • AEI-104932 : An error is thrown when clicking the auto-assign option under asset summary in non-English setups.
  • AEI-102923 : Technicians with site-based restriction and Complete Access to Assets module are unable to download or delete attachments in an asset.
  • AEI-102451 : The headings in printers/routers/switch details page are displayed as question marks in non-English setups.

CMDB :

  • AEI-103997 : Unable to delete IT Service or Business Service CI types if CI attributes are displayed in the list view.
  • AEI-104942 : Unable to delete run-relationships from the relationship list view. The issue occurs if the target CI added is not a software.

Purchase :

  • AEI-103117 : The horizontal scroll bar disappears when navigating from a purchase order to an associated assets list if the items are reached.

Behavior Changes : in 6980 (Released on: 29 September 2022)

EOL of 32bit :

Support for the 32-bit installation of AssetExplorer will be deprecated with this release. Click here to learn more.

General:

AE-105010: Post upgrade to 6980 build and above, basic authentication will no longer be supported for Office365 mailbox. Migration to 6980 build will be paused if Office365 mailbox using basic authentication is enabled under Mail Server Settings.

For continued service, we recommend users to reconfigure mail servers with OAuth authentication.

Enhancements:

AEF-100326 : Support for UEM Product Integration

Users can now integrate AssetExplorer with any one of the following Unified Endpoint Management (UEM) products:

  • Endpoint Central (formerly Desktop Central)
  • Patch Manager Plus
  • Remote Access Plus
  • Application Control Plus
  • Vulnerability Manager Plus
  • Device Control Plus

To enable integration, go to Admin > Apps & Add-ons > Integrations > ManageEngine. Click here to learn more.

Enable Dark Mode / Night Mode :

Introducing Night Mode in AssetExplorer that allows users to darken their application’s screen. Night Mode is user specific.

AEF-56497 : Font Customization

You can now use custom/third-party fonts in AssetExplorer. You can either add fonts that are already included in your operating system or upload new fonts via font files in the supported formats.

Click here to learn more.

Import Vendors and Vendor Products :

Administrators can import vendor details along with the products or services associated with vendors in bulk from CSV, XLS, or XLSX files. During import, new vendors can be added in bulk or the details of existing vendors can be updated in AssetExplorer.

Click here to learn more.

AEF-100740 : Security Meter

Monitor and gauge how effectively you have configured various built-in application security features using the security meter. To access the security meter, go to Admin > General Settings > Security Settings. The security meter provides the following:

  • A security score in percentage.
  • A security level classification based on the security score: unsecured, weak security, moderate security, and highly secure.
  • An option to view and manage the list of available security features.

Click here to learn more.

AEF-94236, AEF-96685, AEF-83703, AEF-53161, AEF-97505: Reports Micro Feature

  • Introducing options to export reports without header. You can configure the settings from Reports > Custom Settings.
  • You can now schedule multiple reports under Reports > New Report > Schedule Report.
  • You can now save the edited custom report as a new report using the Save report as option.
  • You can now export, schedule, and mail reports in the XLSX format. You can also export requests, purchases, and software in the XLSX format.
  • A new notification rule “Notify technician and other SDAdmins when an SDAdmin edits/deletes another technician’s schedules/reports.” is added under Admin > Organization Details > Notification Rules > Reports.

Click here to learn more.

Forgot Password Option for Local Authentication :

Administrators can now enable the Forgot Password option for users who log in via local authentication.

AEF-98952, AEF-98456 : UI Enhancements

  • Introducing Puvi font (version 4.0) in AssetExplorer under layout personalization, theme settings, text editor, and form customization.
  • UI revamped for better user experience in the following entities: login details banner, confirmation dialog, scroll bars, checkbox, radio buttons, and Add/Edit form buttons.

Note : The scroll bar UI revamp will not reflect in Mac devices.

Purchase V3 API :

V3 API is now supported for purchase request approvals.

Contract V3 API :

V3 API is now supported for Contracts module.

Calendar Revamp :

  • Added a redesigned calendar for date and time fields across the application.
  • You can now enter time values manually in the date and time fields.

Advanced Analytics in AssetExplorer

Integrate ManageEngine AssetExplorer with Advanced Analytics to automate reporting & business intelligence activities in your inventory. Advanced Analytics captures business data as reports/dashboards in AssetExplorer, that helps administrators analyze the organization’s efficiency.

Database Migration Tool :

Introducing a tool to migrate data between two databases (Postgres to MSSQL and vice versa) as well as between operating systems (Linux to Windows and vice versa).

Click here to learn more.

Issues Fixed : in 6979 (Released on: 27 September 2022)

Assets :

  • AEI-102557 : System Type field value is not fetched for workstations and servers on scanning via Endpoint Central.
  • AEI-100665 : An incorrect error message is displayed while trying to access the remote control feature in Endpoint Central.

Admin :

  • AEI-102439 : During SNMP scan, the MAC value is fetched based on the OID hard-coded in the application even if custom OID is configured under Admin > Discovery > SNMP Configurations > Device Inventory.
  • AEI-103150 : SDAdmins are unable to reset passwords for users from users details page in Non-English setups.
  • AEI-103379 : Country drop-down in Add/Edit Site page contains missing and incorrect country names.
  • AEI-103419 : Unable to add/edit IT services if additional fields are configured for IT Service or Business Service CI types.

Reports :

  • AEF-103391 : Performance issue in setups using Microsoft SQL server for some scenarios when running query reports.

Community :

  • AEI-22674 : Purchase Order deletion history will now be recorded in Community > System Log Viewer.
  • AEI-94414 : Contracts deletion history will now be recorded in Community > System Log Viewer.

General :

  • AEI-104152 : Local authentication option is listed in the login page even after disabling Allow user login based on local authentication and Domain Filtering during login.
  • AEI-101912 : An alert message (Endpoint Central service is not reachable) is displayed even after the service is reachable.

Framework Upgrade Information : in 6978 (Released on: 03 August 2022)

  • AEI-101485 : Jquery UI upgraded to version 1.13.1

Behavior Changes :

  • AEI-103899 : Throttle limit to access the /api/v3/app_resources/build_info URL is increased to 60 calls per minute.
  • AEI-104021 : Throttle limit to access the /sounds/*.mp3 URL is now increased to 120 calls per minute.

Enhancements :

  • AEF-104217 : Disaster Recovery
    • Disaster Recovery (DR) ensures availability of AssetExplorer when a region or site is down during disaster.
    • DR works by implementing a hot-standby system. When a primary server is down, the secondary server takes over the primary server functions and serves the application.
    • You can configure DR from Admin > General Settings > HA Configuration.
    • Click here to learn more.

Issues Fixed

Assets:

  • AEI-103790 : Unable to open the asset details page in a new tab by using CTRL+left-click over an asset name in the asset list view.

Purchase:

  • AEI-103663 : Unable to take approval action for purchase orders if the approver has configured cost limit.

Contracts:

  • AEI-103633: Error thrown while importing XLS files under Contracts module in non-English setups.

Admin:

  • AEI-103146 : Backup files are not getting deleted after the expiry of the configured retention period if the corresponding scheduled backup with attachments had failed.
  • AEI-103613 : Unable configure asset notifications under Admin > Automation > Notification Rules in remote servers.

Reports:

  • AEI-60756 : Unable to identify the type (private/public) of the reports in the Reports module.
  • AEI-63233 : Unable to generate reports with description or resolution fields when the maximum number of simultaneous report users is configured less than 4.
  • AEI-103123 : Error in viewing the shared user details in Additional Setup under Advanced Analytics.

General:

  • AEI-104284 : While restoring files from backup, File not found exception is thrown under <AssetExplorer-home>/logs/Restore_log folder even though the file is restored.

Enhancements in 6977 (Released on: 07 July 2022)

  • AEI-102665: AssetExplorer favicon is now enhanced for improved user experience.

Behavior Changes

  • AEI-103140: Post upgrade, Asset Explorer will no longer be accessible through Internet Explorer 11.

Issues Fixed

Vulnerability:

  • AEI-103631 : CVE-2022-35403 : Path traversal vulnerability while processing inline images.

Assets:

  • AEI-102809 : Unable to set an asset’s status to ‘Disposed’ while updating the asset via AssetExplorer mobile application.

Purchase:

  • AEI-37956 : When receiving items from Purchase Orders, Workstation/Server model is not updated in the asset list view.

Admin:

  • AEI-102551 : Login name, email ID, employee ID based search in user fields is not working properly in some pages.
  • AEI-102777 : Security Settings page is not loading properly when the application language is set to non-English languages.
  • AEI-102717 : Unable to import users from Organizational Units with name containing '/’.
  • AEI-102553 : Notification content of Active Directory import is misaligned.

Login:

  • AEI-101405 : Users are redirected to change password page upon password expiry, if the Keep me signed in option is enabled along with any authentication except local authentication.
  • AEI-102314 : Concurrent login attempts in the same browser results in login CSRF validation failure.

Issues Fixed in 6976 (Released on: 28 June 2022)

  • AEI-103513: MSSQL migration to 6975 fails if the database user does not have sysadmin role.

Issues Fixed in 6975 (Released on: 24 June 2022)

Framework Upgrade Information :

  • AEI-102480, AEI-98897 : PostgreSQL Driver upgraded from version 42.2.16 to version 42.2.19.

Enhancements

  • AEF-92592 : Captcha Verification Check for Mobile Logins
    • In AssetExplorer mobile app, users will now be prompted to enter a captcha code during the final login attempt before reaching the account lockout threshold.
  • AEF-100271 : DesktopCentral is now renamed as Endpoint Central.
  • AEF-100525 :
    • SDAdmins can now monitor URL attacks in the application from Admin > General Settings > Security Settings > Advanced. On selecting Enable push notification for org admins when client request rate limit is reached option, notifications are sent to SDAdmins if too many attempts are made to access a URL.

Issues Fixed

  • AEI-102892 : Migrating to version 6972 and above fails when the length of the file names (including the extension) in <AE-Home>/custom/customimages/> is less than 7.
  • AEI-102470 : Translation issue in Swedish personalization.
  • AEI-100266 : Error while importing XLS files in Auto Site Allocation.

Issues Fixed in 6974 (Released on: 09 June 2022)

Framework Upgrade Information :

  • AEI-101653 : PostgreSQL upgraded from version 10.17 to 10.21

Enhancements :

  • AEF-97921: Added option to disable manual deletion of system logs in the Community tab.

Issues Fixed :

Assets :

  • AEI-38941 : The “Software” filter is not retained in the global search if it is invoked when the Software module is selected.
  • AEI-47066 : When an asset is moved in store due to deletion of the user, the information is now captured in the Asset History.
  • AEI-100371 : DC agent scan fails while scanning assets that were previously scanned via other modes.
  • AEI-101837 : A blank page is shown when the Assets module is accessed after deleting a product type.
  • AEI-102327 : The product type is updated incorrectly during asset scan.
  • AEI-102389 : Error while accessing the details page of a software license that is created with additional fields.
  • AEI-100426 : In asset list view, the values of the Purchase Order No column are not getting populated for assets created from purchase orders.

CMDB :

  • AEI-71120 : In CMDB, the CI info under software details page displays HTML tags.
  • AEI-101095 : Assets marked as ‘Not associated to any site’ are not displayed in the CMDB list view, if the logged-in user is assigned with EnableCMDB role and custom role with site-based restrictions.

Purchase :

  • AEI-101724 : Unable to customize the subject of approval notifications in purchase orders.

Admin :

  • AEI-60646 : In the notification for prohibited software installation, the Installed Date value is incorrectly shown in Unix Time format instead of human-readable format.
  • AEI-101498 : Departments and sites are added with empty names during LDAP import if the mapped attribute in LDAP server contains only white spaces.
  • AEI-102880 : Unable to add more than 10 software products under Admin > Customization > Asset Management > Product.

Reports :

  • AEI-100929 : Unable to generate query reports in MSSQL setup which contains coalesce() function in lowercase.
  • AEI-102045 : In query reports, the queries containing the join clause do not work if the column names are in lower case.
  • AEI-102387 : Duplicate queries are executed when displaying available columns in tabular custom reports.

Community :

  • AEI-101500 : Error symbol indicating failed database maintenance schedule is not getting cleared from the health meter even after successful maintenance.

General :

  • AEI-101930 : Error while clicking the technician delete notification (bell notification) received from AD delete sync.

Issues Fixed in 6973 (Released on: 01 June 2022)

Vulnerability :

  • AEI-102732 : Improper Input Validation vulnerability while adding additional fields.

Assets :

  • AEI-101759 :Error thrown while adding or editing workstations if,
    • More than 5 Processors, Hard Disks, Network adapter details, or Monitors are provided.
    • A workstation additional field value contains more than 150 characters.

Purchase :

  • AEI-102390 : Unable to add purchase order if the discount value is added directly without the discount rate.

Behavior Changes in 6972 (Released on: 04 May 2022)

  • AEI-100804 : Product Type field is removed from the server details page and list view.
  • AEI-99040 : Loan expiry notifications will now be sent to the users until the loaned asset is returned if notification frequency has been configured.
  • AEI-101115: Changing the default backup password is now mandated before applying the license, taking manual backup, or upgrading the application.

Enhancements

  • AEF-99760 : Security advisory banner will be displayed to SDAdmin.
  • AEF-101546 : Option to enable/disable last login information under Admin > General Settings > Security Settings.

Issues Fixed :

Assets :

  • AEI-97178 : Disposed assets can now be added and updated via API.
  • AEI-99040 : Loan expiry notifications are not getting triggered when the corresponding asset name contains special characters.
  • AEI-101209 : Browser is loading slowly while updating asset owner via V3 API.
  • AEI-101443 : Unable to update an asset state if there are more than 100 assets in that specific state.
  • AEI-101134 : If you try to change the type of a product with a valid license, the insufficient license for this operation message is displayed. The issue occurs due to consideration of the disposed assets with existing assets count.
  • AEI-99544 : Transaction timeout occurs while reconciling two software installed in more than 10000 workstations.
  • AEI-100594 : An incorrect generic icon is displayed for some macOS devices when they are scanned by standalone audit.
  • AEI-100868 : Software details are not getting fetched from devices scanned by SCCM.
  • AEI-100846 : Incorrect UI message is displayed during scheduled scan if the Endpoint Central server is unreachable.
  • AEI-99560 : Performance issue in the relationship tab under asset details page.
  • AEI-99555 : Performance issue in add new asset form.

CMDB :

  • AEI-101404 : If the add/edit form is saved by hitting Enter, the asset name is not reflected in the details page.

Purchase :

  • AEI-101006 : Purchase order approval emails are sent to users whose email addresses are removed from the To field in the approval action pop-up window.
  • AEI-100741 : When a purchase order is closed, the Email the Owner option under Actions menu is getting duplicated.
  • AEI-100977 : Approving all approval levels of a Purchase Order does not auto-approve the Purchase Order.

Admin :

  • AEI-101673 : In the Import from Active Directory pop-up, the hyperlink to configure requester additional fields redirects to the incorrect webpage.
  • AEI-101315: Error thrown while sending attachments via email if Enable password protection for all file attachments under Security Settings is enabled.
  • AEI-100788 : User information such as Jobtitle and User Additional Field data are not removed or anonymized when a user is deleted.

Login :

  • AEI-94855 : Users are not able to access the application after logging out without clearing the browser cache if they had enabled the Keep me signed in option during the login.

Others :

  • AEI-100241: When upgrading the application to versions 6904 or above, invoking the backup after upgrade throws an error in certain scenarios.

Behavior Changes in 6971 (Released on: 09 March 2022)

  • AEI-98175 : The header color in the purchase order print preview form and purchase order approval form received via email is now changed to default grey.
  • AEI-100749 : SDAdmins can now delete report folders of other technicians.
  • AEI-100731 : The applications running in HTTPS can now be integrated with AssetExplorer only after SSL certificate validation. Click here to learn more.
  • AEI-100780 : In Outgoing Mail server settings, the OAuth client secret field input will be concealed from viewing and the field value will be encrypted on the client side while saving the configuration.

Framework Upgrade Information :

  • AEF-100336 : Handlebars upgraded to version 4.7.7

Enhancements

  • AEF-99068 : You can now limit the number of characters displayed in fields like description, resolution, etc when generating reports for improved performance. The configuration is available under Admin > Performance Settings > Reports.

Issues Fixed :

Vulnerability :

  • AEI-98982 : Improper input validation during SAML login.
  • AEI-100710 : Sensitive data printed in logs.
  • AEI-101152: CVE-2022-25245: Sensitive information leakage in purchase requests.

Assets :

  • AEI-100370 : Incorrect value for the Workstation/Server Detected entry is shown in the scan summary.
  • AEI-100246 : License keys are not getting updated in the software details page when more than 1 license key is received through purchase order as comma-separated values.
  • AEI-100025 : On moving a workstation/server from an ownership state to a non-ownership state, the values in Last Logged In User and Logged On User fields are retained.

CMDB :

  • AEI-99684 : Unable to import CI relationship if the technician is not assigned with SDAdmin role.

Purchase :

  • AEI-100553 : In the print preview of purchase orders, only the last approved user is shown when multiple approval levels are configured for the purchase order.

Contracts :

  • AEI-99976 : Line breaks added to the Description field in contracts are getting lost.

Admin :

  • AEI-100425 : Unable to import .pfx type SSL certificate.
  • AEI-100306 : Scheduled AD user import fails on appending the user id with a profile picture URL in scheduled operation.
  • AEI-99494 : In non-English setups, the sub-tabs in the asset and CMDB details page are displayed in English.
  • AEI-100372 : Product list view doesn’t load properly, when the list contains products associated with inactive product types.
  • AEI-100444 : Active Directory User import notification displays the same icon for both successful and failed entries.
  • AEI-100682 : Active Directory user import fails as attribute names were treated case sensitively

Reports :

  • AEI-99938 : AssetExplorer becomes unresponsive in the Chrome browser if the criteria field in a report has many values.
  • AEI-100748 : Private reports of other technicians are not listed in the reports reorder page for SDAdmins.
  • AEI-100637 : Advanced filter for custom report is not applied properly. If the start with criteria is configured with multiple values, the report is generated only for the first value mentioned in the criteria.

General :

  • AEI-100402 : Uninstalling the application does not remove all application folders.

Behavior Changes in 6970 (Released on: 11 February 2022)

  • AEI-85611: Added support for TLSv1.3 protocol.
  • AEI-100409: Deprecation of TLSv1 and TLSv1.1

Beginning with build 6970, AssetExplorer no longer supports TLSv1 and TLSv1.1 protocols. The required minimum supported protocol will be TLSv1.2. For more details, Click here.

Framework Upgrade Information :

  • AEI-85611 : ZuluJRE Upgrade: Zulu OpenJRE upgraded from 1.8.222 to 1.8.292.

Enhancements :

  • AEF-84013 : Solarwinds Connector For Inventory

    Solarwinds connector introduced to help import scanned asset data such as network devices, workstations, and servers from Solarwinds to AssetExplorer. Click here to learn more.

  • AEF-80114: Asset Replenishment

    • Track asset inventory and configure notifications when the inventory count falls below the configured threshold.
    • Notify the relevant technicians by email.
    • The SDAdmin/SDAssetManager can configure threshold for products/product types available in store.

    Click here to learn more.

  • AEF-89679 : Fail Over Service

    Failover Service and Failover Service Replication can now be configured from the application UI under General Settings. Administrators can toggle FOS mode ON or OFF anytime and track the changes performed on the configurations from the History tab.

    • FOS in AssetExplorer now follows a peer-peer architecture. In the event of primary server unavailability, the secondary server takes over and functions as the primary server.
    • Postgres support is provided for the database server.
    • In event of application restore, FOS will be disabled by default. The administrator is required to enable FOS and restart the application again.

    Click here to learn more.

  • AEF-89330 : Password protected file attachment

File attachments in the AssetExplorer server is now password protected. A random password is generated and stored under Admin > Security Settings. SDAdmin can view or change the password if required.

  • AEF-98620 : Zoho charts in reports

    AssetExplorer integrates with Zoho Charts, a charting library with rich features and improved UI. The integrations allows users to create new chart types while generating reports. The UI of the generated chart is fine-tuned to display detailed information on hovering over the chart.

  • AEF-95115 : Admin Revamp

    The Admin page is revamped with an all new configurations grouping as well as an improved UI layout for ease of access.

    Other changes include :

    • New configuration pop-up for creating or editing user/technician additional field.
    • New UI layout for integrations page.
    • Revamped UI for Notification rules.
  • AEF-95493 : Region API

    V3 API support for Regions

  • AEF-100796 : Last successful/unsuccessful login date&time to be displayed upon login

    • Users can now view their last successful/failed login attempt details as a banner upon logging into the application. The banner will auto-close after 10 seconds.
    • If multiple login attempts are made into an user account when a user session is already active, a warning message will appear on the banner across all ongoing user sessions. This banner can only be closed manually.
    • The details regarding a user’s last successful/failed login attempts will be present under the Logout section.

Issues Fixed :

  • AEI-94216 : Labels containing Thai characters are not displayed in charts after a report is generated.
  • AEI-68770 : Graph view is not displayed properly for the Stacked Bar Chart 2D type chart while generating the reports.

Framework Upgrade Information in 6958 (Released on: 29 October 2022)

  • AEI-106148 : CVE-2022-47966 : Pre-Auth RCE vulnerability when SAML authentication is enabled

Enhancements in 6957 (Released on: 20 January 2022)

  • AEF-100286 : The failed users list in AD full sync import is now attached as a CSV file in the notification.

Issues Fixed :

Vulnerability :

  • AEI-100536: Sensitive information leakage in an admin REST API URL.
  • AEI-100691 : log4j framework jar version is upgraded to 2.17.1.

Purchase :

  • AEI-100289 : Contents of purchase order email notifications to the owner/vendor are misaligned.

General :

  • AEI-100328, AEI-98983 : Unable to upgrade AssetExplorer if Windows Authentication is used to connect to Microsoft SQL Server.
  • AEI-99911 : Error occurs while clicking AD user deletion notification in Chinese setup

Enhancements in 6956 (Released on: 29 December 2021)

  • AEF-99099 :You can now increase the number of assets fetched via global search by updating the “paramvalue” for the entry below in the GlobalConfig table.

    category = “Asset_Workstation_Global_Search”
    parameter = “searchLimit”
    paramvalue = “<any_value_up_to_1000>”

    Note : For better performance, it is recommended to set the paramvalue to the default count of 500.

  • AEF-99062 : Contract custom report now supports Description and Support columns in the column chooser.

Issues Fixed :

Assets :

  • AEI-99038 : While adding workstations/servers via web form, the NIC address added in Network Adapter details is not retained under the Hardware tab in the workstation or server details page.
  • AEI-77914 : Unable to add relationships between Virtual Hosts and Virtual Machines via V3 API.
  • AEI-99302 : Asset ownership details are removed during auto site allocation.
  • AEI-98990 : Error thrown while accessing a group if the technician is assigned to more than 1000 sites.
  • AEI-98074 : In assets, allowed Virtual Machines and Installed Virtual Machines are not listed in the details page of a Virtual Machine host.
  • AEI-59463 : Unable to update switch details via Asset scan.

CMDB :

  • AEI-98369 : Some of the CI relationship entries are missing in the list view under the Relationships tab when multiple CIs are added under different relationship types with same relationship name.
  • AEI-99685 : Unable to add relationship between two CIs when the CIs have same names and are located in different sites.

Admin :

  • AEI-99232 : IP address is not displayed under the Subject Alternative Name attribute after a SSL certificate is imported.
  • AEI-98396 : Invalid key exception is thrown during backup if the user changes the database server and reverts to the initial database server without running the application.
  • AEI-99540 : User import from the Active Directory fails if the predefined password for Local Authentication does not meet the password policy set under Security Settings.

General :

  • AEI-100295 : File attachments backup is not taken in builds 6954 and above.
  • AEI-99618 : An error occurs when accessing Admin, Reports or Community pages if configuration files relating to Advanced Analytics integration go missing.

Behavior Changes in 6955 (Released on: 24 December 2021)

  • AEF-100195 : Administrators are required to reset the default administrator password before applying license.

Issue Fixed :

Vulnerability :

  • AEI-99071 : Sensitive information leakage in Asset Explorer - DC integration page, SCCM configuration page, and Domain scan page.

General :

  • AEI-99291 : Non-compatibility message in Internet Explorer is not prominent enough.

Behavior Changes in 6954 (Released on: 14 December 2021)

  • AEI-97512 : Upgrading to Asset Explorer 6954 or above now includes additional configurations. Click here to learn more.

Framework Upgrade Information

  • AEI-94350 : Tomcat upgraded to version 9.0.54
  • AEI-88445 : Bootstrap upgraded to version 3.4.1
  • AEI-90233 : Jquery UI upgraded to version 1.12.1
  • AEI-96987 : Jquery validation upgraded to version 1.19.3

Enhancements :

  • AEF-85182 : Matrix Report now supports the percentage in summary type.
  • AEF-39779 : Date field is now listed under Date Filter in Summary Reports.
  • AEF-99063 : You can now access AssetExplorer from any domain by setting Access-Control-Allow-Origin to Trusted in Security Settings.

Issues Fixed :

Vulnerability :

  • AEF-96556 : User enumeration vulnerability in login page.

Assets :

  • AEI-99580: The error messages and troubleshoot messages displayed with respect to Endpoint Central functionalities are improved.
  • AEI-98499 : Data is not populated for the Warranty Expiry Date field in Workstation and Server while pushing data from remote server to central server.
  • AEI-99247 : DC agent based scan takes longer than usual when the scanned device matches a scan disabled asset.
  • AEI-97970 : Endpoint Central Agent version is missing in Asset details page.

Purchase :

  • AEI-98615 : In purchase request details page, the scroll bar in the Requested Items section is hidden if the item description is too long.

Contracts :

  • AEI-98494 : The horizontal scroll functionality is missing in the contracts list view despite adding multiple additional fields to the list view via the column chooser.

Admin :

  • AEI-98860 : In versions 6904 and above, scheduled backups are not automatically deleted even after the duration to retain the backups is completed.

Reports :

  • AEI-71944 : Some separator lines are not visible in a tabular report when exported as PDF file.

General :

  • AEI-98873 : Unable to log in to AssetExplorer via Internet Explorer.
  • AEI-99119 : Unable to start AssetExplorer after silent installation in Linux environments.
  • AEI-99556 : Performance issue in retrieving theme settings from database.

Issue Fixed in 6953 (Released on: 03 December 2021)

Vulnerability :

  • AEI-99853: CVE-2021-44526: Authentication bypass vulnerability in certain admin configurations.

Issue Fixed in 6952 (Released on: 27 November 2021)

Vulnerability :

  • AEI-99665 : Unauthenticated file uploaded (only .tmp files) to windows temp directory

Behavior Changes in 6951 (Released on: 19 November 2021)

  • AEI-97251 : The default value of Backup Scheduling is now set to 7 days.
  • AEF-97367 :
    • The size of TableDataCount.html and FailedQuery.html files is now restricted to 5mb inside the log folder.
    • If the file size exceeds 5mb, old content will be replaced with new content in the file.
  • AEF- 98119 : The following changes are applicable for the configurations under Admin > Discovery > Scan Settings > General
    • All actions configured will now be recorded in the system log.
    • Modified the “Delete/Dispose workstations and servers that have not been scanned in the last <number> days” text to “Delete/Dispose assets that have not been scanned in the last <number> days”
    • When selecting the Delete/Dispose assets that have not been scanned in the last <number> days option, the schedule to delete/dispose of the assets will now run only after 24 hours. An appropriate alert message is also added for this new behavior.

Framework Upgradation :

  • AEI-98415 : Postgres upgraded from version 10.16 to version 10.17

Enhancements :

  • AEF-66374 : You can now import AD attributes of Integer type.
  • AEF-33758 : Introduced an option to modify the product type of assets.
  • AEF-98081 : New query reports are added under the Reports by site and technician folder in Custom Reports.
  • AEF-70376 : You can now edit the price fields of items when creating purchase orders from purchase requests.

Issues Fixed :

Assets :

  • AEI-99295 : Inline search issue of CI attributes in the Assets and CMDB List View pages.
  • AEI-98563 : The Label and Description fields in Asset-Additional Fields and Workstation-Additional Fields are encrypted if the field value contains special characters. The issue occurs if the Save button is clicked for the second time after adding a new additional field.
  • AEI-95073 : Asset Owner is not retained on modifying the CI type of an asset.
  • AEI-80737 : An irrelevant alert message is thrown while searching a workstation under Asset.
  • AEI-73396: During scan, the Red hat machines are not added as Linux workstation/Linux server CI types. This issue occurs if the operating system name does not contain the keyword Linux.
  • AEI-98114 : Unable to update asset fields via Update CI API operation.
  • AEI-96462 : Web RDP sessions are not shown in the asset history.
  • AEI-98364 : Introduced All States option under the All Assets drop down in the Assets list view page to filter the assets from all states.

CMDB :

  • AEI-97987 : The software list view in CMDB displays csv import option, which is misleading.
  • AEI-98628 : Asset and CMDB Asset list views are loading slow.

Purchase :

  • AEI-82805 : When a PR is associated with a PO after its creation, the PO items are excluded and only the PR items are marked as received.
  • AEI-96608 : Unable to create Purchase Order from Purchase Request when an software other than Managed type is selected as the PO item.
  • AEI-97481 : The purchase order ID is displayed instead of purchase order number in the asset details page.

Admin :

  • AEI-97446 : Unable to bulk-delete credentials from the Credential Library as the default Cisco Phone Credential is also selected.
  • AEI-69068 : Users are able to add duplicate values in asset additional fields of pick list type.
  • AEI-92684 : Irrelevant information is displayed in the Reset Password window while resetting the user/technician’s password.
  • AEI-68650 : Web remote help card content is not translated in non-English setups.
  • AEI-98695 : Database maintenance activity gets executed a day prior to the scheduled day.
  • AEI-97977 : Failure in reindexing healthmeter displays an error.
  • AEF-95554 : Added proper alert message to convey that custom software CI types cannot be deleted when they are already in use.

Reports :

  • AEI-97338 : Unable to generate custom reports if the displayed column name exceeds respective column limit in the database.
  • AEI-98707 : While exporting custom reports as CSV or PDF files, the fields containing non-English language values are broken.
  • AEI-39539 : Everyday/Every Month check box is selected automatically on selecting a day/month in Weekly/Monthly reports under Reports > New Schedule Report.

Behavior Changes in 6950 (Released on: 20 October 2021)

  • AEI-98830 : AD user import success/failure details will now be notified to SDAdmins via bell notifications instead of showing progress on a separate page.
  • AEI-98900 : In Purchase Orders configured without any approvals, technicians can order, receive items, and add invoice/payments.
  • AEI-98526 : Actions button is removed from Relationship and History tabs in CI details page for non-asset CI types.

Enhancements :

  • AEF-98830 & AEF-73345 : Active Directory Import Enhancements

    • Delta Sync in AD User Import : Administrators can now update changes in the user details from Active Directory into AssetExplorer via Delta Sync. Delta sync minimalizes data payload transferred during an import. It is scheduled along with Full Scan and imports the changes in data every 30 minutes to keep your user repository up-to-date. You can track the last import time and the next schedule time of the AD Import from Users > Active Directory from Admin tab. To learn more, Click here.
    • Support for LDAP SSL in AD User Import : LDAP security protocol can be enabled while importing users from AD. If LDAP SSL is enabled, the AssetExplorer will connect with AD through port 636. To learn more, Click here.
    • Schedule Deleted Users Import : Administrators can schedule the syncing of deleted users independently from the user import schedule. The last import time and the next schedule time of the deleted users sync can be tracked from the Active Directory configurations page.
    • Schedule LDAP Import : Administrators can now configure AD and LDAP schedules separately. LDAP imports can be scheduled from Users > LDAP under Admin tab. To learn more, Click here.
  • AEF-95210 : Attachment settings in Admin

    Configure which file attachments you want to allow and which ones you want to restrict in AssetExplorer. You can find the settings under Admin > Attachment Settings.

  • AEF-91700 : Advanced Matrix Report Enhancement

    • Users can now add up to 5 columns while grouping data in Advanced Matrix Reports.

    • Users can select the Request field in the Columns drop-down under the Column Grouping section for all modules that support matrix reports.

    • The Date Format drop-down will be displayed only if a date field is selected as the column.

    • Users can also add up to 5 rows to group the data in the Group bysection.

      To learn more, Click here

  • AEF-96351 : Introducing PII/ePHI for User Additional Fields

    Administrators can now mark out the user additional fields that contain Personally Identifiable Information (PII) or Electronic protected health information (ePHI) to identify the sensitive information collected and stored in AssetExplorer. The personal data of users (both technicians and end users) in PII/ePHI marked fields are handled in accordance with privacy regulations such as the GDPR.

    To learn more, Click here

  • AEF-89079 : Asset and Purchase Admin revamp

    • Revamped UI for admin entities: Purchase Default Value, Cost Center, GL Code, Currency, Vendor Services, Contract Type, Product Type, Product, Vendor, and Asset State.
    • You can now delete default contract types.
    • Support for maintaining deleted contract types as inactive when they are already associated with contracts.
    • Support for V3 API for admin entities under asset, purchase, and contract management.
  • AEF-93672 : Attachment API Revamp

    • You can now upload up to 10 files in a single action as attachments across the application.
    • Upload the files using a simple drag-and-drop method.
    • Preview is available for attachments of certain file types.
  • AEF-98900 : V3 API support available for Purchase Order.

  • AEF-93241 : V3 API support for Assets.

Issues Fixed :

  • AEI-98725 : Fail over service (FOS) is not getting started after upgrading to build 6906.

Purchase :

  • AEI-98600 : In versions 6905 and above, the approval link in Purchase Order approval notification is broken for some users.

Framework Upgrade Information in 6911 (Released on: 29 October 2022)

  • AEI-106148 : CVE-2022-47966: Pre-Auth RCE vulnerability when SAML authentication is enabled

Issue Fixed in 6909 (Released on: 03 December 2021)

Vulnerability :

  • AEI-99853: CVE-2021-44526: Authentication bypass vulnerability in certain admin configurations.

Issue Fixed in 6908 (Released on: 27 November 2021)

Vulnerability :

  • AEI-99665 : Unauthenticated file uploaded (only .tmp files) to windows temp directory

Issues Fixed in 6907 (Released on: 15 October 2021)

Assets : Agent

  • AEI-98715 : When DC server is configured in https mode, the DC Agent based scan takes longer than usual.
  • AEI-98857 : Scan fails when the device reachable via DC server cannot be pinged from ServiceDesk Plus server.

Issues Fixed in 6906 (Released on: 23 September 2021)

Assets :

  • AEI-97297 :
    • The Agent Configuration page is grayed out even if the Endpoint Central is configured.
    • Network Scan, Windows Domain Scan, and group scan show no progress.
  • AEI-96542 : Typo error in the scan status message displayed to the users.
  • AEI-97389 : In some cases, the error code is displayed instead of an error message when the remote control session to an asset fails.
  • AEI-97866 : Error in translating the texts under Switch and Router in the Assets module.
  • AEI-95262 : The software version of the operating system is not fetched while scanning Windows machines.
  • AEI-58417 : Error in translating the texts under the Router in the Assets module.
  • AEI-94544 : The value of the Description field in assets exceeding 250 characters is getting truncated.

**Software :
**

  • AEI-71677 : The additional field does not display the default option on edit page for Software License and License Agreement.

CMDB :

  • AEI-97579 : Upon failure of CI import, the error logs are downloaded in .csv format
  • AEI-97071 : History details are not displayed in the print preview of a CI in the Assets and CMDB tabs.

Purchase :

  • AEI-83801 : The tax rate is not reflected in purchase orders on selecting a product/service/vendor if the purchase order is created from a purchase request.
  • AEI-71484 : Unable to perform actions on purchase orders if purchase requests associated with the purchase orders are closed/canceled.

Contracts :

  • AEI-96762 : In asset details page, unable to differentiate between two contracts with the same name.

Admin :

  • AEI-95143 : The user multi-line additional field limit is increased to 3500 characters.
  • AEI-47614, SD-47615 : Mistranslated text in Software Compliance graph in Italian personalization.
  • AEI-97294, SD-97342 : The deleted user list from AD is not listed in the popup window on clicking the bell notification received from AD scheduled import.
  • AEI-91295 : User Additional fields of field type Date/Time are rendered as null or empty if the date is set before 1970.

Issues Fixed in 6905 (Released on: 11 September 2021)

Vulnerability

  • AEI-98283 : Authentication bypass vulnerability in certain application URLs

Behavior Changes in 6904 (Released on: 03 September 2021)

  • AEI-71960 : The contract ID is now prefixed to the contract name.
  • AEI-95751 :
    • The Logical Processor column can now be chosen only for the virtual host list view.
    • The Operating System column is no longer supported in the list view page of any asset.
    • The Comment column is no longer supported in the list view page of any asset.

Enhancements :

  • AEF-95865 : Delete option is now available in the asset list view pop up under dashboard and summary page.

  • AEF-51221 : Users can now select Contract ID and Contract Type columns to be displayed while generating contract custom reports.

  • AEF-97733 :Approval comments for the Approve action in Purchase Orders can now be made optional by updating “paramvalue” for the entry below in the GlobalConfig table.

    category= “ApprovalAction”
    parameter= “MandatePurchaseApprovalComments”
    paramvalue= “false” or “true”

    Note: For the Approve action, comments be come mandatory when the “paramvalue” is set to “true” and become optional when it is set to "false". For the Reject action, comments are always mandatory.

  • AEF-89950, AEF-53046, AEF-84746, AEF-27699 : You can now connect to MSSQL database via Windows authentication.

  • AEF-67346 : Users can now view the comments added to invoices and payment details from the list view of Invoice and Payments sub-tab in purchase order details page.

  • AEF-96301 : In SCCM integration, pro support warranty type is given priority while fetching warranty of DELL assets based on the service level description. V_GS_DELL_ASSETWARRANTYINFORMATION0 can also be used to fetch the warranty information.

Issues Fixed :

Vulnerability :

  • AEI-93454 : Dynamic report related files and folders are generated under Root and Custom folders.
  • AEI-96819 : Persistent Cross-Site Scripting vulnerability in asset name fields.
  • AEI-95569 : CSRF vulnerability in the application login page.

Assets :

  • AEI-96298 : Unable to create workstations via API.
  • AEI-95893 : After performing a global search for a different entity from assets tab, the search criteria is not reset to assets.
  • AEI-96263 : Asset group is shown multiple times for the technicians with SDSiteAdmin role.
  • AEI-93666 : ESXi scan fails with duplicate key exception.
  • AEI-95897 : The SCCM scheduler doesn’t advance from the “Scanning inProgress” state.
  • AEI-85375 : In some cases, the scan success/failure message is not translated in non-English setups.
  • AEI-58532 : Changing software type from Managed to any other type is not taking effect when the corresponding software assets have license agreements or purchase orders associated with them.
  • AEI-94131 : Adding asset/software license/license agreement additional fields containing characters with accent marks.
  • AEI-46378 : In the Add New Server form, the options in the Model drop-down does not list the elements in alphabetical order.

CMDB :

  • AEI-95451 : Search/sort in asset list views and CMDB list views of asset type is not supported in 6800 build.
  • AEI-97067 : Technicians could not edit non-asset CIs associated with them even if they have Enable CMDB role and full permission to assets across sites.

Purchase :

  • AEI-70214 : In Asset Explorer, unable to perform non-login approvals since default globalconfig entry is set as ‘Requires Login’.
  • AEI-95752 : The Purchase Order link is loading too slow when accessed from the asset details page.
  • AEI-82505 : An inappropriate alert is thrown after entering a correct value in the Discount field.
  • AEI-57368 : In Purchase Order details page, the invoice list view does not load after adding an invoice/payment from the Invoice and Payments tab.

Admin:

  • AEI-72064 : Extra exclamatory marks are removed in some language personalization.
  • AEI-96656 : An error is thrown when adding or updating windows domain in non-English setups.
  • AEI-95231 : Unable to edit user additional field pick lists if the pick list contains more than 10 options.
  • AEI-95441 : Refresh token is not found when Gmail/GSuite account is configured in the Mail Server Settings.

Reports:

  • AEI-97248 : Query report generation fails if the executed query contains more than 10000 characters.

General:

  • AEI-90236 : Moment.js library dependency removed.
  • AEI-97323 : In non-English setups, unable to login when domain is not selected.
  • AEI-96352 : During login, the login form is missing when all authentication modes are disabled.
  • AEI-89044 : An unwanted error message is displayed in the command prompt while executing shell command in Linux to run the .sh files.
  • AEI-96495 : In certain scenarios, license is not fetched properly resulting in unsuccessful login.
  • AEI-94782 : Caching fails after upgrading to build 6729.
  • AEI-51260 : Unable to configure the login credentials in non-English characters from changeDBServer console.

Issues Fixed in 6903 (Released on: 26 July 2021)****Framework Upgradation :

  • Postgres upgraded from version 10.12 to version 10.16

Issues Fixed :

Vulnerability :

  • AEI-92045 : CVE-2020-25696 : Arbitrary SQL injection vulnerability
  • AEI-92100 : CVE-2020-25695 : Arbitrary SQL injection vulnerability
  • AEI-91919 : Privilege escalation vulnerability in user API.
  • AEI-93751 : Users are able to upload files with extensions that are blacklisted in the Global Config.
  • AEI-96346 : Found privilege escalation vulnerability in private summary, CI history, and audit reports.

Reports :

  • AEI-94909 : In some predefined reports, the data generated from list view is different from the data generated by editing and running the report.
  • AEI-95362 : Unable to save default CI History report and Audit report after editing.

General :

  • AEI-96055 : The selected tab text theme is not getting applied to the currently accessed modules.

Issues Fixed in 6902 (Released on: 21 July 2021)

Vulnerability :

  • AEI-96823 : Authentication bypass vulnerability in few rest API urls reported by David

Behavior Changes in 6901 (Released on: 12 July 2021)

  • AEI-95054 : Upgrade restrictions will be applicable to users who have perpetual license without AMS.

Enhancements

  • AEF-95511 : In accordance with ISO standards, the date format is updated in the application.

  • AEF-93521, AEF-95391 :Admins can now customize the default image preview resolution for inline images across the application. This configuration is based on the GlobalConfig table entry :

    category="rta"

    parameter ="defaultImageOption"

    paramvalue = “bestfit” or “original” or “smallfit” or “fitTiWidth”

Issues Fixed :

Assets :

  • AEI-96254 : The application header keeps loading for a long time if Endpoint Central server is not reachable.
  • AEI-95200 : Disk space(GB) field value is not displayed in asset list view in 6800 build and above.
  • AEI-94900 : Unable to sort assets and workstations alphabetically using User, Department, or Site column in list view.
  • AEI-95346 : The value of is loaned field is inconsistent in Workstation list view and detail view page.
  • AEI-94919 : On updating an asset’s product type as Consumables, the associated barcode entry is retained as an orphan entry in the barcode table.

Purchase :

  • AEI-66337 : In Purchase Order notifications sent to owner/vendor, non-english characters in the html attachments are garbled.
  • AEI-76280 : Purchase order cancellation email is not notified.
  • AEI-78753 : Associated PR status and Due Date are not displayed in PO under the Requests tab.

Admin :

  • AEI-95492 : The value of the Date additional field is not updated correctly during the scheduled AD import.

General :

  • AEI-96255 : The 32-bit download URL is provided for 64 bit computers while prompting users to install DC in ServiceDesk Plus.
  • AEI-88708 : Restore failure due to unique constraint violation of SB_Applications table in PostgreSQL-based builds.

Behavior Changes in 6900 (Released on: 28 June 2021)

AEI-96063 : Changes due to DC Bundle

  • AE agents used for scanning Windows machines have been removed and the new DesktopCentral agents have to be used.
  • Support for WMI scan for Windows machines and SSH/telnet scan for Linux and Mac machines have been removed. Linux and Mac machines also have to be scanned using the new DesktopCentral agents.
  • The scripts used for scanning have been moved out of the build.
  • Support for “MAC Address identification during scan” under scan settings has been removed.
  • Option to choose machines for remote control prompt is removed. Alternatively, enabling/disabling remote control prompt for all machines can be performed under Admin --> Agent configurations.
  • As agents and scan mechanism have changed, configurations “WMI Timeout” and “Automatic Delta Scan” under scan settings and configuring TCP protocols and ciphers have been removed.

AEI-96064 : Changes due to Asset Auto Site Association feature

  • Option to choose site during network scan have been removed.

Enhancements

AEF-96031: DC Bundle

  • Asset Explorer now uses Endpoint Central Agents for Asset Scan. The native Asset Explorer tools and agents for scanning, remote control will now be replaced with the Endpoint Central agent, To learn more, Click here

AEF-38697, AEF-67029: Software reconcile

  • In assets, you can now reconcile two software from the scanned software list view, retaining the details of the latest added software, To learn more, click here.

AEF- 95976: Header Revamp and Layout Personalization

  • Revamped UI for header, global search, user profile panel You can now change the orientation of the header pane as topbar, sidebar, or sidebar lite, To learn more, click here.

AEF-83786 : Automatic Site Association for Assets based on IP Address

  • You can now automate the association of IT assets to sites based on their IP addresses. To do this, create a configuration under Admin >> Discovery >> Scan Settings >> Auto Site Allocation, To learn more, click here

AEF-85914: Asset Notification Enhancements

  • Added support for new content variables for basic asset-related information.
  • Added new variables that display data in a customizable tabular format namely $Loaned Assets, $Loan Expired Assets, $Expired Assets, $Assigned Assets.
  • Added Notify Before and Frequency fields for notifications involving asset expiry, warranty expiry, and loan period expiry. To learn more, click here.

AEF-22422, AEF-43984, AEF-29290, AEF-56484, AEF-91670: Report Enhancements

  • Added support for sorting columns by ascending or descending order in custom tabular reports. Users will be notified via email with an appropriate message instead of an empty report attachment when data is not available for scheduled reports.
  • Users with SDAdmin role will now have permission to all custom reports, query reports, and schedule reports created by other technicians.
  • Added a new notification to intimate technicians when their private reports and scheduled reports are edited or deleted. Revamped Scheduled Report list view page with options to filter, edit, and delete schedules based on roles.

AEF-95983: Encryption support for user additional field

  • Encrypt user additional fields (single/multi line and pick list) with sensitive information, To learn more, click here.

AEF-84904: Antivirus scanning for file uploads in Admin

  • Attachments will now be scanned for virus before uploading into the application. If virus is detected, the attachment will not be uploaded.
  • Administrators can configure antivirus scan settings under Admin >> Security Settings >> Advanced tab. To learn more, click here

AEF-68402: Asset Categorization Enhancements

  • All workstations will now be classified into Desktop, Laptop, Tablet, and Others computer groups.
  • Workstations now support the Chassis Type field.
  • In reports, the Is Laptop field is replaced with Computer Group and additionally, the Chassis Type field has been added.
  • New default reports Computers by Computer Group and Computers by Chassis Type are added under All Computers (Workstations and Servers).
  • In products, the Is laptop field is removed and replaced with Computer Group.

Issues Fixed

Vulnerability :

  • AEI-94096 : CVE-2021-20109 : Heap Overflow in agent reported by David
  • AEI-94095 : CVE-2021-20110 : Integer overflow RCE in agent reported by David
  • AEI-93693 : CVE-2021-20108 : Remote DOS vulnerability in agent reported by David

ManageEngine AssetExplorer 6.8****Behavior Changes in 6804 (Released on: 23 June 2021)

  • AEI-95234 : Users will have to re-login to the application after migrating to 6804 or above, if Keep me signed in is enabled in the login page.

Enhancements

  • AEF-21785, AEF-90680 : Users can now customize the width and height of the chart in tabular reports.
  • AEF-76783 : The time format YYYY-MM-DD HH:MM is now introduced in the application with respect to the ISO standards.

Issues Fixed

Vulnerability

  • AEI-93569 : Unauthenticated users are able to access inline images in the application.

Assets

  • AEI-94899 : When the software in a workstation details page are sorted by Software Name column, the software are not sorted properly.
  • AEI-94890 : Unable to perform global search for assets if the column Operation System is enabled in the workstation list view.
  • AEI-94127 : The asset list under software/hardware audit changes from the Scan Summary page does not displays more than 12 rows.
  • AEI-94421 : An error is thrown when searching for an asset or workstation using their Service Tag via column search in the asset list view page.
  • AEI-94215 : When sending email notifications to users of a scanned software asset, the E-mail Users pop-up is not fetching all email addresses if the user count exceeds 25.
  • AEI-92800 : Unable to invoke the drop-down lists that allow you to switch between the type of assets and time period in the Audit History page.
  • AEI-94564 : When editing an asset, changing the vendor displays incorrect purchase cost information.
  • AEI-94234 : BIOS date column missing in the Workstation list view.
  • AEI-94403: Submit button in the CI Import Wizard is displayed even after the form is submitted.

CMDB

  • AEI-94539 : Unable to update custom CI attributes of child CI types via the parent CI type. The custom CI attributes are set to the first CI attribute when the custom attributes of the CIs are updated via bulk-edit.

Purchase

  • AEI-94773 : The approval page does not load when the approver tries to log in via the PO approval link in email.
  • AEI-94835 : Vendor details are not populated in Add Purchase Order form when the purchase order is created from a purchase request.
  • AEI-94041 : When closing a purchase order, the mandatory fields pop-up erroneously shows non-empty purchase additional fields of the picklist type.

Admin

  • AEI-95263 : Mail sending fails via EWS protocol when the email message contains End-of-Text character (0x03).
  • AEI-95309 : Technician names are not listed in Choose Technicians field in Admin >> Notification Rules.
  • AEI-94265 : The UI text Requires Scan and State are not properly translated in some German personalization.
  • AEI-93398 : State is mistranslated in Asset Module in Polish personalization.
  • AEI-94834 : Email Notifications with non-English characters in email subject are not displayed properly.

Reports

  • AEI-94832 : On saving a report, unable to export it in formats other than PDF from the bottom panel.
  • AEI-95100 : Error thrown while accessing the Reports page after upgrade.

Mobile App

  • AEI-95234 : Weak algorithm vulnerability if Keep me signed in is enabled during login

General

  • AEI-95497 : The header icons are barely visible when accessing Asset Explorer from Chrome 91

Issues Fixed in 6803 (Released on: 25 May 2021)

Vulnerability

  • AEI-94152 : Additional Heapdump files(.hprof) under [SDP_Home]/bin are occupying extra disk space.
  • AEI-93032 : Secure attribute is enabled for all cookies.

Issues Fixed in 6802 (Released on: 02 May 2021)

Vulnerability

  • AEI-94183 : Privilege escalation vulnerability while downloading attachments in Purchase Requests reported by Ranjit Pahan.

Assets

  • AEI-93267 : When editing a dynamic group in Assets module, the site filter is not shown if the Site criteria value was previously set to "None".
  • AEI-93726 : Asset Ownership History does not show comments when assets are moved to a state that doesn’t mandate ownership.
  • AEI-94168 : The value of the Model field is getting changed to numbers after adding/editing workstations through forms.
  • AEI-94173 : The IP Address field is displayed during CSV import of Non-IT assets and Components.
  • AEI-94176 : The Site field is now added into the assets-to-barcode mapping document which is available during the barcode generation for existing assets.

CMDB

  • AEI-91736 : The Mac Address, IP Address, and SubNetMask fields in network devices are reset as null when the Business Impact field is updated via CMDB API.

Admin

  • AEI-94091 : User phone numbers and mobile numbers appear reversed when the application is set in right-to-left languages.
  • AEI-93381 : List view column headers are not translated.
  • AEI-93758 : Clicking on the Notifications about Technicians deleted during scheduled AD import leads to an empty page.

Enhancement in 6801 (Released on: 12 April 2021)

  • AEF-93590 : In reports, you can now customize the label length for stacked bar charts under Custom Settings >> Bar Chart/Stacked Bar Chart Settings.

Issues Fixed

Vulnerability

  • AEI-93307 : Denial of Service (DoS) vulnerability detected when uploading images across all modules in the application.
  • AEI-93473 : Denial of Service (DoS) vulnerability detected when adding images via keyboard shortcut (Ctrl+V) across all modules in the application.

Assets

  • AEI-92961 : Need to remove IP address and network details of assets added in/moved to disposed state.

CMDB

  • AEI-92549 : Error thrown while updating CI via CMDB API if the criteria contains a string ending in double quotes.
  • AEI-93142 : Unable to modify CI type when more than 20 CIs are selected from the CMDB list view.
  • AEI-93378 : Unable to import software relationships from XLS files if the technician is not associated to any site or if the software name is similar to any CI name.

Purchase

  • AEI-87726 : Required By field name is translated wrongly in Purchase module in Spanish setup.

Reports

  • AEI-64324 : Rendering issue occurs with charts when reports are converted from Stacked Bar Chart 2D/3D to Bar Chart 2D/3D.
  • AEI-89400 : Query with the keyword “Similar” does not work in query reports.
  • AEI-92042 : Query with the keyword ‘for xml path’ does not work in query reports.
  • AEI-93394 : In Windows environment, changes made to reports are not getting reflected in print preview and exports in file formats other than PDF.

Admin

  • AEI-84550 : Searching for users in the user list view does not fetch any results if the keyword is exclusively numeric and user records contain numeric additional fields.
  • AEI-91649 : Password is not mandated further during scheduled CSV User Import.
  • AEI-92649 : In some cases, clicking on the ellipses icon in the Users page to view the total count of users throws “Extra Key found in JSON” error.
  • AEI-93305 : Unable to add an email ID that contains an apostrophe (') symbol in User/Technician form.

Behavior Changes in 6800 (Released on: 07 April 2021)

Asset Details Page

  • Instance Attribute will not be supported further for new Assets/CIs and the instance attributes data for older ci’s will not be shown in the details page.

Asset List View

  • Users can access the Asset summary from the Summary tab in the left panel.
  • Disposed Assets : Disposed Assets will not be shown in any of the list views. It can be viewed by the filter named Disposed Assets from the list view.
  • Older list view personalization will be removed for assets list views
  • Maximum of 500 assets can be searched from Global Search for performance Enhancement.
  • Assets tab from the application header will now redirect to the Assets list view. If the user has accessed the Assets tab earlier, the List view last seen by the user will be displayed.
  • Search/sort in asset list views and CMDB list views of asset type is not supported. It would be supported in one of the future service packs.

Assets Dashboard

  • All the count showing in the dashboards will not have the disposed assets count.
  • Asset module links will now be opened as a pop-up window on the Dashboard.

Framework Upgrade Information

  • AEF-92117 : Mickeylite upgraded to version 4180.
  • AEF-89500 : Tomcat upgraded to version 9.037

Enhancements

AEF-89373 , AEF-89372, AEF-81168 : Asset UI Revamp

  • Bulk-Edit is now supported for Assets in Assets and CMDB list view.
  • Users can now filter Assets using Custom Filters from the list view.

AEF-92591 , AEF-92177 : Session Management in Mobile App

  • Technicians can now login into the mobile app without generating the technician key.
  • For fresh installations, the default session idle timeout for the mobile app will be set to 30 minutes. You can customize this under Admin >> General Settings >> Security Settings.

AEF-90182 : UPN-based login is now supported for SAML authentication.

Issue Fixed

Vulnerability

  • AEI-93706 : XSS vulnerability in IP address field reported by Chris.

Asset

  • AEI-92501 : In the list view of any IT Asset, clicking New Scan before the list is fully loaded throws an error.

Issue Fixed 6738 (Released on: 09 February 2022)

Vulnerability :

  • AEI-100691 : log4j framework jar version is upgraded to 2.17.1.

Issue Fixed 6737 (Released on: 03 December 2021)

Vulnerability :

  • AEI-99853: CVE-2021-44526: Authentication bypass vulnerability in certain admin configurations.

Issue Fixed 6736 (Released on: 26 November 2021)

Vulnerability :

  • AEI-99665 : Unauthenticated file uploaded (only .tmp files) to windows temp directory

Issues Fixed 6735 (Released on: 14 September 2021)

Vulnerability

  • AEI-98283 : Authentication bypass vulnerability in certain application URLs

Issues Fixed 6734 (Released on: 22 July 2021)

Vulnerability

  • AEI-96823 : Authentication bypass vulnerability in few rest API urls reported by David

Issues Fixed 6733 (Released on: 26 March 2021)

Vulnerability

  • AEI-93399: Privilege escalation vulnerability while associating purchase requests to Purchase Orders reported by Ranjit Pahan.
  • AEI-93436: Privilege escalation vulnerability when adding attachments to Purchase Requests reported by Ranjit Pahan.
  • AEI-93430: Privilege escalation vulnerability in Purchase Request history reported by Ranjit Pahan.

Admin

  • AEI-91785 : In Admin >> General Settings >> Security Settings, description for Session timeout configuration is misleading.
  • AEI-93574 : Unable to send two-factor authentication emails when EWS Protocol is configured in the Outgoing Mail Server settings.

Issues Fixed 6732 (Released on: 09 March 2021)

Vulnerability

  • AEI-93424 : Privilege escalation vulnerability in accessing API keys reported by Ranjit Pahan.
  • AEI-93428 : XSS vulnerability in purchase request history reported by Ranjit Pahan.

Behavior Changes 6731 (Released on: 05 March 2021)

  • AEI-92788: Login authentication has been removed and API Key authentication has been introduced for pushing data from a remote server.
  • AEI-92830 : Device domains fetched during scans (except domain scan) will now be added as private domains.

Enhancement

  • AEF-89681: Option to limit the number of workstation’s data fetched while generating Audit History by Workstation report under Performance Settings.

Issues Fixed

Vulnerability

  • AEI-92575 : Incorrect error message displayed for invalid requests.
  • AEI-92785 : Privilege escalation vulnerability in canceling Purchase Order reported by Ranjit Pahan.
  • AEI-92719 : Privilege escalation vulnerability in adding attachments in Assets module reported by Ranjit Pahan.

Admin

  • AEI-92900 : On removing the Department Name column from the users list view, the Site column is rendered empty for all users.
  • AEI-92138 : Unable to save monthly asset scan scheduled with Day option.

Assets

  • AEI-92495 : Site details are not saved while loaning an asset from the asset details page.
  • AEI-92111 : Issue connecting to agents via Telnet/SSH protocol when the SSH credentials contain private key.

Purchase

  • AEI-78626, AEI-91865 : Unable to receive Purchase Order if the selected product is deleted before the Purchase Order is saved.

Contracts

  • AEI-92610 : Error thrown while updating contract if the number of days in Notify Before field exceeds 10.

Reports

  • AEI-91143 : Unable to generate custom CMDB reports when the Business Impact column is added to the report.
  • AEI-32087 : Columns displayed in the Report Wizard will be listed alphabetically.
  • AEI-89681 : Error thrown while generating Audit History by Workstation report if a large number of data is present.

Others

  • AEI-92027 : Improper error thrown if the CI type is invalid while fetching CI details via CMDB API

Issues Fixed 6730 (Released on: 19 February 2021)

Vulnerability

  • AEI-92806 : Privilege escalation vulnerability in deleting CMDB attachments in Assets module reported by Ranjit Pahan.
  • AEI-92754 : Privilege escalation vulnerability in deleting User attachments in Assets module reported by Ranjit Pahan.
  • AEI-92723 : Privilege escalation vulnerability in deleting Purchase Order attachments in Assets module reported by Ranjit Pahan.

Issues Fixed 6729 (Released on: 18 February 2021)

Assets

  • AEI-92110 : You can now restrict sudo privilege for commands used in Linux/AIX/Solaris scan.

CMDB

  • AEI-91514 : In CMDB module, the Software CI types list view is not getting filtered for any value chosen using Filter by Software drop-down.
  • AEI-91680 : CSV user import fails when the department name or site name contain trailing spaces.

Purchase

  • AEI-91836 : In purchase request details page, content overflows for Item Name and Description fields under Requested Items.

Admin

  • AEI-91640 : Default user fields are added to the SDLDAPFIELDMAP table during LDAP import.

Framework Upgrade Information 6728 (Released on: 29 January 2021)

  • AEI-92195 : Jquery upgraded to 3.5.1

Issues Fixed :

Vulnerability :

  • AEI-92101 : HttpClient library upgraded to 4.5.13.jar version.
  • AEI-92274 : Possible brute force attack detected in mobile authentication API.

Admin :

  • AEI-87374 : The SSL Keystore password now supports dollar ($) sign while quotation mark (”) and backslash (\) symbols are unsupported further.

Features 6727 (Released on: 25 January 2021)

AEF-63109: Two-factor authentication

  • Users can now be mandated to use an additional authentication mode such as Google Authenticator or email-based OTP along with regular passwords to log into the application.

    To learn more, click here

AEF-84600: Login-based query reports

  • New query reports based on user login are added as default Login Reports. To learn more, click here.

AEF- 92107: Live Chat Support

  • ManageEngine’ Live Chat support channel can now be accessed within the application.
  • To access it, go to Community >> Chat Support >> Live Chat or Help >> Live Chat. To learn more, click here.

Issues Fixed 6726 (Released on: 13 January 2021)

Agent

  • AEI-92392: SSL security certificate is signed with SHA-1 in 1.0.33 for agent-server communication.

Admin

  • AEI-91591, AEI-69566: User import from Active Directory (AD) fails when an AD field mapped to the Site field has more than 100 characters.

Community

  • AEI-91788, AEI-71050: Unable to report an issue from the Community tab.

Issues Fixed 6725 (Released on: 31 December 2020)

Enhancement

  • AEF-89083: New SYSOID added to SNMP device Identification data.

Issues Fixed :

Assets

  • AEI-91426: Mail notifications are triggered when an asset state is updated even though the owner remains unchanged.

Purchase

  • AEI-91924: Unable to access Approval tab from approval link in PO approval notification emails using non-login url.
  • AEI-91921: Issue in PO reconciliation when more than one workstation is selected.
  • AEI-91848: Unable to add items while editing a Purchase Order in Partially Received or Received status.

Contracts

  • AEI-91665 : Error thrown on searching for assets while adding assets to Contracts in non-English setup.
  • AEI-91917: Unable to import contract details through XLS import in non-English setups

Issues Fixed 6724 (Released on: 18 December 2020)

Assets

  • AEI-88180: Unable to select assets using barcode in the Return Loaned Assets form.
  • AEI-51869: After associating a product to vendor with cost details, the vendor and cost details are displayed incorrectly while creating/editing an asset based on the associated product.
  • AEI-89546: The OS name of a Virtual Machine in its details page does not correspond with its OS name in the Virtual Machine tab of the Virtual Host details page.
  • AEI-90479: Unable to download the asset attachments in the asset details page.
  • AEI-90800: Unable to select Product in a duplicate asset device details page if the asset is renamed with an existing asset name.
  • AEI-90865: Assets associated with a user/department are displayed while creating a new loan using ‘Scan Asset(s) barcode’ option.
  • AEI-91091: When a loaned asset state is set to In Store, changed to any other state (with owner details updated) and reverted to In Store state, the previous asset state is retained but the owner details are removed.
  • AEI-91998: Agent: SSL security certificate upgraded for agent-server communication.

Software

  • AEI-90857: In the scanned software list view, the compliance type filter is applied even when we switch from Managed filter to All Software filter.

Vulnerability

  • AEI-91141: Security vulnerability in client logging.
  • AEI-91137 : Privilege escalation vulnerability when downloading file attachments.
  • AEI-91948 : Authentication Bypass Vulnerability during SAML login.

Behavior Changes 6723 (Released on: 04 December 2020)

  • AEI-89502: Password is not mandatory anymore while importing users via CSV files.
  • AEI-89751: An alert message stating maximum number of assets that can be added via barcode generation is displayed under Assets >> Barcode >> Barcode Generation >> Generate barcodes and add assets.

Enhancements

  • AEF-91315: IP address field is added as a column to the Mapping Document generated after printing barcodes under Assets >> Barcode >> Barcode Generation >> Barcode Generation for existing Assets.

Issues Fixed

CMDB

  • AEI-90176: New CIs added under Application Server, Database Server, and File Server are not reflected in the CMDB List View.
  • AEI-85524: While editing support group via CMDB, the edit form name is displayed incorrectly.

Purchase

  • AEI-91127: Unable to receive service items if the quantity contains decimal values.
  • AEI-68981: Excessive parameters passed when a software license is received in Purchase Order.

Admin

  • AEI-91303: Unable to send notifications when the Office365 mail server is configured using SMTP in some cases.
  • AEI-90765: User Personalized Time format is applied to AD Import schedule.
  • AEI-91034: Import of scanned data to Central Server fails due to invalid XML characters.

Enhancement 6722 (Released on: 18 November 2020)

  • AEF-89680: Feature Policy security response header is added to Advanced Security Settings to allow/restrict features in various browsing contexts.

Vulnerability

  • AEI-90489: Password is sent as plain text over the network during scan and in User module.

Behavior Changes 6721 (Released on: 03 November 2020)

  • AEI-90530 : User consent while saving OAuth settings will not be required if Admin consent is granted in Azure AD.
  • AEI-83377 : Comma separated multiple values can be added in Access-Control-Allow-Origin response header under Security Settings.

Enhancements

  • AEF-90084 : Support for both SAML single sign-on and NTLM single sign-on.
  • AEF-90031 : Option to enable/disable “Keep me signed in” feature under Admin>>General Settings>>Security Settings.

Issues Fixed

Vulnerability :

  • AEI-90390 : Privilege Escalation vulnerability when adding attachment for Purchase order.
  • AEI-89464 & AEI-89409 : Security response headers have been added for few URLs.
  • AEI-90388 : XSS attack vulnerability in Name parameter of Network Scan page

Assets :

  • AEI-88332 : Unable to remove asset loan details, without modifying the Asset Owner.
  • AEI-90541 : Domains are not listed after selecting sites while adding or editing assets.
  • AEI-90488 : While scanning HP-UX workstations,
    1. Invalid data is populated for some fields.
    2. IP address of the workstation is not fetched in some cases.
  • AEI-89688 : While authenticating SNMP devices, the application does not authenticate using version 2 credentials if version 1 credentials fail.
  • AEI-89749 : Asset Loan expiry notifications are not sent for recently expired assets if the periodic notification is disabled.

CMDB :

  • AEI-90473 : Error thrown while fetching CI attributes of MSSQL devices.
  • AEI-90158 : Incorrect error message is displayed if the product name is not provided while adding CIs.

Software :

  • AEI-89452 : Unable to delete attachments from the Software license details page.
  • AEI-90159 : License List view in Software details page keeps loading when additional fields are selected in Column Chooser.
  • AEI-90637 : Error thrown on clicking scanned Operating System software name in some cases.

Purchase :

  • AEI-88848 : In Purchase Orders, the approval levels and number of approvers in each level is now limited to 10.

Admin :

  • AEI-89689 : Notification sent to the user is hard coded if the attachment size is greater than the configured one.
  • AEI-89758 : Unable to configure “Expect-CT” response header under Security Settings.
  • AEI-89127 : Users can now choose to skip sending updated passwords as email notification while configuring the backup schedule.
  • AEI-88573 : Error thrown while dissociating technicians from associated sites.
  • AEI-89206 : The Impact Description field length is increased to 3500 characters under Admin >> Impact.

General :

  • AEI-89049 : Users are able to modify workstation type while adding/editing workstations in remote server.

Behavior Changes 6720 (Released on: 08 October 2020)

  • AEI-89130: Pagination Import is enabled for all LDAP servers.

Issues Fixed

Assets :

  • AEI-88699: Unable to remove the Vendor associated with an asset from the Edit Asset page.
  • AEI-87868: Unable to change Asset State from Asset list view on migrating from 6708 to the latest build.
  • AEI-89186: Unable to auto-assign assets in bulk when the display filter is set to show 250 assets in the asset list view.
  • AEI-89241: Bulk-deleting assets before the asset list view is loaded redirects to the Session Expired page.
  • AEI-88924: Unable to push data from the remote server to central server when the remote server which contains custom CI Attributes created via SNMP.
  • AEI-90006 : Certain assets are moved to the disposed state before the time period configured in the option Delete/Dispose workstations and servers that have not been scanned in the last <n> days under scan settings.

Software :

  • AEI-89472: Values entered with a line break are displayed as a single line in several fields in License Agreement details page, Software details page, Service Pack details page, and License details page.

Admin :

  • AEI-89323: In some cases, emails sent via SMTP are delayed due to DNS lookup during EHLO command.
  • AEI-89478: Email validation fails when the last part of the domain name is more than 4 characters in send a sample mail section.
  • AEI-89168: Employee ID field and User Additional Fields are not updated during LDAP User Import.
  • AEI-89392: The Search Filter field limit is increased to 2000 in LDAP.
  • AEI-89605: On clicking the Spell Check icon, the content in the Editor is deleted.
  • AEI-89411: Adding bullets or numbered list inside a table leads to breakage in the columns.
  • AEI-89057: While adding SSH credentials to the Credential Library, multi-line input is not accepted in the Private Key Field.
  • AEI-89185: In some cases, OIDs configured in Device Inventory are not applied during SNMP scan.
  • AEI-88069: Error thrown while removing inactive support groups during technician update.
  • AEI-89466: Unable to create new default CI attributes under Admin >> Configuration Items in certain scenarios.
  • AEI-88479: Error thrown while updating an asset via API when only the Asset Tag is used as the criteria.
  • AEI-89350: Unable to edit the name of a custom created role.
  • AEI-90016: Unable Add/Edit Roles when the application language is set to French.

Reports :

  • AEI-69724: Unable to generate Audit Reports after restoring backup data.
  • AEI-88476: URL generated from the Search Query Reports drop-down in Query Editor is not updated in the application.
  • AEI-89151: The cell width of encrypted columns is not aligned properly with the header in Query Reports.
  • AEI-89529: Unable to view Query in Frequently Asked Reports.
  • AEI-89454: Graphs in reports are not displayed while exporting reports as HTML and mailing it via scheduled reports.

Enhancements 6719 (Released on: 29 September 2020)

Framework Upgrade Information

Tomcat upgraded to 9

jQuery upgraded to 3.4.1

AEF- 79224: Disable Concurrent Login

You can now disable concurrent user login from different IP addresses.

AEF-89322 : Email based login is now supported via SAML Authentication.

Issues Fixed

Vulnerability :

  • AEI-89208 : DoS vulnerability

Assets :

  • AEI-88028 : Font and text alignment discrepancies in Am I Compliant pie chart under Asset >> Software Summary >> Software Dashboard.

Admin :

  • AEI-88679 : Error thrown on clicking the notification showing the deleted technician-count after AD import.
  • AEI-85192 : During AD Authentication, user with login name containing diacritic characters are duplicated when login name is entered with normal characters.
  • AEI-82284 : User import fails when the user has an undefined value in the mapped field in AD for a respective picklist field
  • AEI-89398 : During AD import, the progress bar in not updated when AssetExplorer build is configured as remote server.

Reports :

  • AEI-88358, AEI-88380 : Performance issue in Query Reports.
  • AEI-88027 : Queries are modified unnecessarily in Query Reports.

Community :

  • AEI-87571 : Language preference set to browser default language is not reflected in the Health meter if the browser default language is non-English.

General :

  • AEI-87647 : LDAP login fails if the password contains non-English/unicode/special characters.
  • AEI-88407 : Unable to set timezone during PGSQL setup upgrade when installing a 32 bit binary file in 64 bit OS.
  • AEI-88802, 87603, 87573, 87575: Language preference set to browser default language is not reflected in the list view columns if the browser default language is non-English.
  • AEI-89051: File not found error thrown during patch upgrade in 6706 build and above.

Behavior Change 6718 (Released on: 24 August 2020)

  • AEI-87553 : When a technician whose login is disabled is re-imported via Active Directory, the login permissions will remain disabled.

Enhancements

  • AEF-87639 : The grand total cost of the items is displayed in Purchase Request details page.
  • AEF-84541 : Glowroot is now bundled with the application.
  • AEF-89025 : Ability to set duration after which the user will be logged out of an inactive session.
  • AEF-88182 : Allocating the same OID for two different devices is now supported.
  • AEF-82344 : Asset Explorer now supports SCCM integration running their databases in non-default MSSQL instances.

Issues Fixed

Assets :

  • AEI-88705 : Security error thrown when decimal values are added to the barcode label properties.
  • AEI-80143 : Assets having printers with same name but different server names get overridden.
  • AEI-89048 : The Available tab under Assets >> Software >> Scanned Software >> Software details page >> Licenses keeps processing for downgraded software.
  • AEI-89040 : Error thrown on clicking Show assigned only option while associating workstations to users.
  • AEI-88060 : During asset scan, non-pingable SNMP and Cisco IP phones are added as unknown devices if the asset scan fails.

Purchase :

  • AEI-88510 : Unable to create PO from PR if vendor services item names has more than 150 characters.
  • AEI-88461 : If a requester chosen as an approver of PR, the next level approval notification is not be sent.
  • AEI-87570 : The Close PO button under Actions menu in purchase details page is not translated to the browser default language.
  • AEI-87184 : Product Types are not listed alphabetically in the Purchase Order form.
  • AEI-88703 : In Purchase Request approval notifications, the additional fields added as variables are not fetching the purchase request details.

Admin :

  • AEI-88462 : Non-English characters in sites configured in central server are displayed as ? in remote servers.
  • AEI-88152 : An unclear error message is shown if the .pfx file used to install SSL certificate has unsupported password encryption.
  • AEI-87933 : When importing users along with their managers via LDAP import, the Reporting To field of the user details is not updated.
  • AEI-87380 : Changing a technician to a requester results in duplicate entries of the action in User History.

Reports :

  • AEI-88562 : In reports, the date filter does not work properly for US timezones.
  • AEI-88099 : If the details of a printer associated to workstation is edited, the changes are not reflected in Audit Report.
  • AEI-82572 : In Contract Notifications, the contracted date and expiry date are displayed in incorrect format.
  • AEI-88405 : In Advanced Filters in reports, the None criteria change to Null criteria is not handled for existing reports.
  • AEI-87616 : Date filter criteria in custom reports is not based on user’s time zone.

Community :

  • AEI-87844 : In some environments, Health Meter fails to load with a null pointer exception.

General :

  • AEI-88516 : Masterkey password is not validated during MSSQL database configuration.
  • AEI-88375 : Performance issue.
  • AEI-88314 : In some scenarios, login via SAML fails for specific users in Chrome.
  • AEI-85912 : In MSSQL setups, the threshold notification email for log file size displays an incorrect value.
  • AEI-89377 : AD Authentication fails if Enable Domain During Login option is disabled in Security Settings.
  • AEI-88915 : Restore fails with inappropriate exception in MSSQL database when duplicate entries are found in softwarelist/softwaremanufaturer table.

New Features 6717 (Released on: 05 August 2020)

Theme

  • Customize the application’s default color and font. Apply the theme settings for all users or allow each user to select their own color and font.
    Admin >> General Settings >> Theme

Change Password Redirection

  • Option to redirect users, who log in for the first time, to the change password page
    Admin >> General Settings >> Security Settings >> Password Policy.

Clear text password transmission

  • Encryption support added for user password on the application login page.

Reports Enhancements

  • Option to reorder all reports under a folder and also personalize the reordering by user.
  • Option to search reports and report folders from the reports global search.

Framework Upgrade Information 6716 (Released on: 23 July 2020)

  • AEI-88193: Handlebars upgraded from v4.0.5 to v4.5.7.

Enhancements:

  • AEI-88486: Edit HTML button is added to email notification templates.

Behavior Change 6715 (Released on: 07 July 2020)

  • AEI-85916 : Loaned assets need to be returned or moved to the In Store status before getting transferred to other users by using CMDB API.

Issues Fixed

Assets

  • AEI-86955 : Technician is not notified when an asset is assigned, even if the Notify user when the asset is assigned to the user notification is enabled
  • AEI-86908 : During CSV import, the site details of the assets is not updated when the location field value is not given.
  • AEI-85764 : Unable to edit Site details of an asset when the asset state had been changed from In Use to In Repair.

Purchase

  • AEI-87020 : The PO acknowledgement mail URL becomes invalid as the §ion parameter is converted to §ion in some browsers.
  • AEI-85398 : Unable to remove cost-type purchase additional fields in the admin module.

Contracts

  • AEI-88179 : Unable to save contracts if values of additional fields contain more than 100 characters.

Admin

  • AEI-86700 : The audit status of assets imported into the central server from a distributed scan is set to success, even though the assets have no audit information.
  • AEI-87806 :
    a. Schedule Scan is not disabled when switching from Enterprise edition to Standard edition.
    b. Exclude devices feature under Admin >> Windows Domain Scan >> Add/ Edit Domain is displayed for Standard edition.
  • AEI-85607 : In Postgres setup, the database connection is not closing automatically even after successful restoration from a backup file.

Reports

  • AEI-85085 : Unable to generate a saved report if both the custom report and query report are executed in parallel.
  • AEI-86964 : Error thrown while generating custom reports when the character count of filter criteria under advanced filters exceed 1000.

General

  • AEI-85348 : No records get fetched when System Log Viewer is filtered based on Performed by attribute with the value “System.”

New Feature 6714 (Released on: 29 June 2020)

  • AEF-22829,24484,64434,74127: User Bulk edit
  • You can now edit details of multiple requesters or technicians simultaneously. Bulk operation support is also added for other actions like Change as Users, Assign to Department, etc. Click here to know more.

Behavior Changes 6713 (Released on: 24 June 2020)

  • Support for Asset Servlet API is discontinued from this version.
  • Performance Settings and Quick actions functionalities are removed from the Remote Server application

Issues Fixed

Vulnerability

  • AEI-57705 : Cross Site Scripting vulnerability while adding attachments.

Reports

  • AEI-87058 : Unable to make copies of existing bar chart reports using the Save report as option.

Issues Fixed 6712 (Released on: 17 June 2020)

  • AEI-85633: In Windows workstations, scan data generated by the standalone audit is not posted to the server despite returning a success message.
  • AEI-84768: Issue displaying all users in the requester combo-box when a purchase request is created/edited by a user with SDAmin role.
  • AEI-88117: Unable to add workstations by scanning barcodes if the “Barcode as ServiceTag” option is enabled.

Issues Fixed 6711 (Released on: 10 June 2020)

  • AEI-87860 : Remote code execution vulnerability in product InstallShield.
  • AEI-87858 : Unable to add/update a Purchase Order if the order ID has a string value in it
  • AEI-87801 : An error message is thrown while scanning a machine from the Actions tab under Assets in a Spanish language setup.
  • AEI-87067 : Upgrade fails as the file ZohoReportAPIClient.jar is not accessible.

Framework Upgrade Information 6710 (Released on: 29 May 2020)

  • Postgres upgraded from version 10.5 to version 10.12

Behavior Changes 6709 (Released on: 19 May 2020)

  • Custom Settings button in scheduled reports will be displayed only for users with SDAdmin access.
  • Going forward Purchase Request / License Agreement additional fields can only be added from the Admin tab and not from Purchase Request/License Agreement.

Issues Fixed

  • AEI-66823 : BREACH attack vulnerability.
  • AEI-87472 : An error occurs while adding a new support group.
  • AEI-87303 : Unauthenticated users are able to change the installation status of deployed agents reported by “Luis Alfredo Nunez Rincon”

Issues fixed 6708 (Released on: 08 May 2020)

Admin:

  • AEI-87281 : An authentication error is thrown while configuring OAuth and signing in using the authentication pop-up window.

Issues fixed 6707 (Released on: 05 May 2020)

Vulnerability:

  • AEI-72752 : HTTP to HTTPS redirection is not done for a particular URL in the application login page.
  • AEI-84874 : Clipboard Data Stealing Attack vulnerability.
  • AEI-66823 : BREACH attack vulnerability.

Issues fixed 6706 (Released on: 21 April 2020)

Vulnerability:

  • AEI-86635: Stored XSS vulnerability in Asset Contracts.

Assets:

  • AEI-84442: During Asset Scan, the Cisco IP Phone asset attribute is not updated with the scanned value.
  • AEI-84465: In the user-selection dropdown, searching for users with the wildcard character asterisk(*) does not fetch matching results.
  • AEI-84868: The field name Warranty Expiry Date is shown with different Chinese characters in Asset Addition form and the Asset Details page.
  • AEI-84906: During import of workstations and servers from CSV files, the Asset State gets reset to In Store when the device name is changed.

Admin:

  • AEI-85210: Unable to change the product type from non-consumable type to consumable type while editing the product details.
  • AEI-85267: In Credential Library, the private key is not encrypted for Telnet/SSH credential type.
  • AEI-85481: Error thrown while invoking an API to fetch asset details with multi-value fields in the <returnFields> tab after generating a summary report or matrix report.
  • AEI-85507: Technicians with full asset module permission and EnableCMDB role cannot view the Add Relationship button or the List view for users CI type.
  • AEI-85814: Unable to fetch Manufacturer Serial number for Cisco switches.

Reports:

  • AEI-85225: In custom purchase reports, choosing Vendor in advance filter lists values for Site.

General:

  • AEI-84120: Performance improvements.
  • AEI-84220: Performance issue while loading the User list pop-up window.
  • AEI-85630: The value for security response headers under Security Settings is limited to 100 characters.

Behavior Change 6705: (Released on: 23 March 2020)

  • UTC coded time fields in the Active Directory mapped to single/multi-line user additional fields will now be displayed as a long value equivalent to date in AD server.

Issues Fixed

Assets :

  • AEI-85248 : When an SNMP device with an unknown model is scanned, no warning is shown.
  • AEI-85096 : Assets with the Requires Scan option disabled under the asset state are getting scanned when brought in through the delta scan.
  • AEI-84793 : In some scenarios MAC addresses of SNMP devices are getting populated with empty values during an SNMP scan.
  • AEI-84714 : When we try to print barcodes ( 7 - 8 characters) that have been generated, the barcodes do not get printed within the label in some cases.

Purchase :

  • AEI-85050 : Unable to embed templates in purchase email notifications.

Admin :

  • AEI-85264 : Unable to add more than 10 items in User Additional Fields of pick-list type.
  • AEI-85059 : Unable to delete Department after migrating to 6600.
  • AEI-84374 : After migrating to version 6600, unable to import Active Directory attributes of type UTC coded time mapped to additional date/time fields.
  • AEI-85401 : Unable to save a support group if its name is used in an other site.

Reports :

  • AEI-84321 : Query report fails when column alias name contains a space.
  • AEI-84377 : In reports, numeric fields erroneously display ‘0’ instead of ‘null’ for undefined values.
  • AEI-84364 : In report charts, boolean fields contain the database column name instead of the display name.
  • AEI-84468 : Inappropriate results are shown for query reports that contain terms like Requester and Technician.
  • AEI-84385 : The Longtodate function in a query does not work if the query contains another function with more than one argument.
  • AEI-85266 : Error thrown when CMDB API variable is executed immediately after generating a chart type custom report.

Behavior Change 6704: (Released on: 16 March 2020)

  • Agent Uninstall and Agent Remote Control functionalities have been removed from the application.

Issues Fixed 6703: (Released on: 11 March 2020)

  • AEI-82988 : Remote code execution vulnerability in windows agent scan (CVE-2020-8838) reported by Sahil Dhar (xen1thlabs).

Behavior Changes 6702: (Released on: 10 March 2020)

  • Windows agent upgrade option from UI has been removed.

Enhancements

  • AEF-85104 : You can now configure Always On Availability Group (AOAG) from the User Interface.
  • AEF-77957, AEF-84163 : You can now configure the mail server with Modern Authentication (OAuth 2.0) for secure and delegated access.
  • AEF-83455 : In user drop-down fields, the default behavior to list results containing the keyword can now be modified from the globalconfig table to list the results starting with the keyword [Criteria=contains or start_with]

Issues Fixed

Vulnerability :

  • AEI-84331 : CSRF vulnerability in login form.
  • AEI-84444 : CSV and XLS formula injection vulnerability in reports.
  • AEI-84460 : Internal file path disclosure vulnerability in attachments.
  • AEI-85258 : Directory Traversal vulnerability in web remote.

Assets:

  • AEI-84215 : Current book value is not getting updated accordingly in asset financials after the depreciation period ends.
  • AEI-84400 & AEI-84402 : Asset loan information is not changed/modified on editing a loaned asset.

Purchase :

  • AEI-84159 & AEI-83749 : Users without login are unable to download attachments from the PO approval page.
  • AEI-84213 : Unable to create a purchase order with non-English characters in Requested By and Owner fields.
  • AEI-82501 : If the Part number is not chosen in a purchase order then it is displayed as undefined in view page.

Contracts:

  • AEI-70009 : Unable to remove attachments in UI when the original attachment files are deleted in Contracts.

API :

  • AEI-84869 : When we try to update the network details of IT assets other than workstations and servers using the doctool API, the network details do not get updated even though a success message is displayed.
  • AEI-83895 : CMDB: Update CI operation cannot be performed.

Admin :

  • AEI-84191 : When a valid email address starts with special character, it is considered invalid at the security level check due to the regex given for EWS email address in security-generalaccess.xml.
  • AEI-84118 : A support group’s configuration is lost if any exception occurs while saving the support group with the same name as that of an already existing group.
  • AEI-82997 : Under Admin >> General Settings >> Performance Settings, configure email notifications to be sent to the organization admin when the application hits a prespecified disk usage.

Reports :

  • AEI-83416 : For a technician with edit report permissions, edit icon is missing in the first page of a report.
  • AEI-84178 : Performance enhancements in Reports module.
  • AEI-69373 : Data in reports will now be shown based on the user time zone instead of the server time zone.
  • AEI-85025 : Custom Report fails when choosing Date field in Advanced Filters.
  • AEI-85196 : In Reports module, the text None is wrongly translated in Japanese language.

General :

  • AEI-84659 : Restore failure on GlobalPersonalize table in MSSQL.
  • AEI-84698, AEI-84700, AEI-83404, AEI-82357, AEI-83400 : Performance improvements.

Issues Fixed 6701: (Released on: 30 January 2020)

Vulnerability :

  • AEI-83127 : CSRF vulnerabilities in all list views.
  • AEI-83128 : CSRF authentication is not enabled for the URL /AdminHome.do

Assets :

  • AEI-83235 : Unable to push distributed server data into central server if the AD authentication credentials of users are given for central server settings.
  • AEI-42636 : Unable to read non-english characters while running SCCM scan.
  • AEI-84214 : Unable to add a new vendor while importing assets via csv, even if the technician has permissions to add vendor.

Purchase :

  • AEI-84223 : Unable to change the Cost center in purchase requests when we have the same cc ID and owner ID.
  • AEI-83309 : Error occurs when creating a purchase order with an existing order number.

Admin :

  • AEI-83945 : Unable to edit a product containing & symbol in its name.

Reports :

  • AEI-83725 : Reports exported into PDF files contain missing Vietnamese characters, even when the application language is set to Vietnamese.
  • AEI-83182, AEI-83865 : When generating reports, a line break is added after every line in the textarea.
  • AEI-75439 : In some cases, Database sql queries.xml file is corrupted.

General :

  • AEI-83192 : While performing user global search, an error is thrown if the search URL size exceeds 8kb.

Enhancements 6700: (Released on: 20 January 2020)

  • Local Authentication Password Policy Configuration
    Configure and enforce a password policy for all users to ensure better security of the user data.

Framework Upgrade Information

  • JRE Update: JRE updated from Oracle jre 1.8.152 to Zulu openjre 1.8.222 [This is a free version].

Issues Fixed

  • AEI-81253 : Unable to view next page of CIs from relationship list view of an asset instead a error 500 is thoriwn on clicking the next button.

Issue Fixed 6604: (Released on: 23 July 2021)

Vulnerability

  • AEI-96823 : Authentication bypass vulnerability in few rest API urls reported by David

Issue Fixed 6603: (Released on: 29 December 2020)

Vulnerability

  • AEI-91948 : Authentication Bypass Vulnerability during SAML login reported by Zikos.

Behavior Changes 6602: (Released on: 02 January 2020)

  • AEF-83784 : Option to delete a workstation/server or move to Disposed/Expired state, if the asset is not scanned for N days.
  • AEF-83417 : Global search now allows you to search configuration items by name, type, and site.
  • AEF-83785 : Option to skip adding unknown assets by unchecking Add unknown Asset under Admin -> Scan Settings.

Issues Fixed

Vulnerability :

  • AEI-80684 : Weak SSL ciphers vulnerability.
  • AEI-77123 : CSRF vulnerability in non-login pages.
  • AEI-83942 : Passive mixed content vulnerability.
  • AEI-83959 : Reflected XSS vulnerability in the Reports module.

Assets:

  • AEI-83780 : Zero installation software removed from scanned software in software list view.
  • AEI-83712 : An error is thrown when updating Windows Agent Configuration settings in non-windows OS
  • AEI-83225 : The correct application architecture (32 bit or 64 bit) is now displayed in the healthmeter under the community tab.
  • AEI-83782 : Error thrown while rendering Unknown OID list when sysDescription value is null.
  • AEI-83778 : While scanning the assets, Graphic card info is not fetched from Linux Machines
  • AEI-83777 : Unable to connect to SNMP devices using SNMPv3 credentials on MIB Browsers.
  • AEI-84174 : After a configuration item (CI) of the default OS-based CI type is deleted, CIs under other default OS-based CI types couldn’t be edited.

CMDB

  • AEI-84188 : Under CMBD, you can now stop seeing the business view tutorial by clicking Skip.

Admin

  • AEI-84173 : Under Admin >> Credentials Library, additional encryption protocols namely AES256 and AES192 are made available for SNMP V3 credentials.
  • AEI-84091 : Under Admin >> SNMP Configurations >> Configure product for unknown sysOID, users could duplicate models across different product types.
  • AEI-83781 : Under Admin >> SNMP Configurations >> Device Identification, you can now configure Model OID for SNMP devices.
  • AEI-83706 : Font sizes 8 -16 added to the HTML editor.

Reports

  • AEI-83165 : In some query reports, columns couldn’t be sorted in ascending or descending order.

Behavior Changes 6601 :

(Released on: 18 December 2019)

  • Enabling SAML authentication will not disable Active Directory/LDAP authentication and vice versa.
  • The Recent Items option now has a new icon.
  • AEI-79214 : In Reports list view page, public query reports are listed for technicians without permission to create query reports.
  • AEI-83060 : Provision to add a new remote control tool is discontinued.

Enhancements

  • AEF-70808 : Test Mail
  • Test your mail server settings by sending a sample email.
  • AEF-83398: In reports, default reports of Computers with less/more than 256 MB RAM are replaced with Computers with less/more than 4 GB RAM.

Issues Fixed

Vulnerability

  • AEI-82765 : Prototype pollution vulnerability.
  • AEI-80748 : Content spoofing vulnerability in error message pop-ups.
  • AEI-81637, AEI-77407 : A DOS vulnerability is found in the attachments section.
  • AEI-83136 : CSRF vulnerability in base currency of Purchase Orders.

Asset

  • AEI-76470 : In Asset Loan, changing the timezone results in mismatch of loan dates.
  • AEI-78392 : Zero (0) is not accepted as a value in the asset additional field pick list.
  • AEI-81610 : In Assets >> Barcodes >> Print barcodes, clicking the print button displays the page instead of the barcode preview. The issue occurs only in Firefox and Internet Explorer.
  • AEI-81932 : In Assets, the height of the Groups widget is inappropriate.
  • AEI-82002 : When we add assets by generating our own barcodes and then try scanning them, the generated barcodes get dissociated from these assets but continue to persist in the database as orphan values.
  • AEI-81379 : Technician with due permission is not able to exclude a workstation from a scan.
  • AEI-81387 : If several assets are disabled for scan, the system might encounter an Out Of Memory (OOM) error during a scheduled scan in some scenarios.
  • AEI-82445 : Clicking on the “Add New Network” button while attempting a new asset scan leads to an error.
  • AEI-82633 : Unable to push AE data to central server when the proxy is configured.
  • AEI-80661 : VMware machine’s hard disk details are not fetched in workstation scan.
  • AEI-82641 : Issue occurs when two machines are scanned using an agent scan as the auth token generated is same for both the machines.
  • AEI-82721 : Linux machines are not scanned in some scenarios.
  • AEI-80898, AEI-81992 : An inappropriate error message is displayed upon searching an asset in the global search.
  • AEI-82453 : After successful completion of the SCCM scan, the acknowledgement message is not displayed.
  • AEI-82661 : Creating a product type with square brackets in its name leads to security related error while accessing an asset of that product type via the asset list panel.
  • AEI-82830 : Values entered with line breaks in the asset/workstation multiline additional fields are displayed without the line breaks in the asset details page.
  • AEI-81660 : Unable to create a relationship between any two CIs using “Runs or Runs on” relationship type from XLS.
  • AEI-82992 : Web RDP is not shown under the remote control option in asset details page if the OS name does not contain the word Microsoft.
  • AEI-83913 : Agent : SSL security certificate upgraded for agent-server communication.
  • AEI-82446 : Unable to resize the Available CIs column when adding relationship to an asset.
  • AEI-78541 : A dynamic asset group configured for the ‘server’ product type does not include servers of the ‘workstation’ product type.
  • AEI-78118, AEI-82710: When technicians edit details of an asset assigned to them, an incorrect notification mentioning that the technicians have returned the asset is sent out.

CMDB

  • AEI-79892 : Disabled CIs are shown when we try to add a relationship for a CI under the CMDB tab.
  • AEI-80736 : Inconsistency in the order of fields during CSV import of assets.
  • AEI-82510 : Unable to import asset data from CSV if the extension of the file contains uppercase letters.
  • AEI-82686 : When importing an asset from CSV, the asset loan details are not retained.
  • AEI-78583 : Unable to import CSV files of assets with empty numerical fields.

Purchase

  • AEI-80931 : In Purchase request notification, after approval action, the notification is sent to approvers & Created by mail IDs instead of notifying the purchase request’s technician.
  • AEI-81123 : Able to modify the quantity ordered value lesser than the received quantity value in purchase orders.
  • AEI-73568 : Page crashes upon clicking Receive Items in Purchase Order.
  • AEI-81734 : In the purchase order list view, POs due in next 7 days and POs due in next 30 days filters include rejected, canceled, and closed purchase orders.
  • AEI-82969 : Received quantity of a purchase request differs from the quantity in the purchase order when the license gets exhausted in-between the receiving process.
  • AEI-83397 : The value entered in Russian language in the Created by field of a purchase request is displayed as special characters in the approval notification.
  • AEI-83365 : In purchase orders, alert message on entering invalid price does not close until the page is refreshed.

Contract

  • AEI-80900 : Contract expiry notifications are sent even after disabling them.
  • AEI-73561 : The print preview of contracts does not include Description and Support fields.

Admin

  • AEI-81316 : In scheduled LDAP import for two domains, the empty fields of a user in the second domain gets updated with the fields of the corresponding user in the first domain.
  • AEI-81488 : The size of the ‘backupfilepath’ column in the ‘backupschedule’ table has been increased to the maximum size defined in the database.
  • AEI-77617 : After the application data is restored through the command prompt, the command prompt does not close.
  • AEI-81709 : Unable to login via SAML when the application runs in the default http and https ports.
  • AEI-81232 : Non-English users logging in through the Internet Explorer face an error stating "Error while fetching domain".
  • AEI-80235 : Backup failure occurs when a file is saved as “blog” in the inline images folder.
  • AEI-80048 : Wrong translation for the word Others in the Swedish language setup.
  • AEI-82714 : Clicking the back button after adding/editing a role and then clicking the Add New Role button opens a window with the previously entered data.
  • AEI-78315 : In safari browser, on downloading the attachment from preview section the attachment file name is changed to 'true’.
  • AEI-76784 & AEI-77881 : Whenever a non-OS based CI type like Application server or File server is scanned or its OS is modified manually the CI type of the device changes.
  • AEI-82873 : LDAP authentication fails if ‘CN’ was mapped to any field during user import through LDAP protocol.
  • AEI-83383 : Unable to add additional fields in the Admin tab.
  • AEI-83242 : New organizational units imported from AD are hidden in Asset Explorer if the Domain Controller’s letter case had been changed during the import.
  • AEI-82776, AEI-83766 : Improved the French translation of a few admin configurations.
  • AEI-83088 : Under Admin >> Notification Rules >> Contracts, saving message ID in the notification table throws a null pointer exception.
  • AEI-83719 : Technicians imported from the Active Directory via scheduled import are auto-assigned with SDGuest role.
  • AEI-83352 : Performing an API call to modify any asset field also modifies the Total Memory Size and Virtual Memory of the asset.
  • AEI-84024: Chinese characters entered for Region Name, Site Name and User additional fields are displayed in a distorted manner.

Reports

  • AEI-74128 : Purchase order Created date is available as Ordered date in Reports.
  • AEI-80738 : Croatian characters are not displayed in reports.
  • AEI-82836 : Issues in replacing old schema to new schema in Query reports.
  • AEI-82943 : In IE, an inappropriate error message pops up when the Reports module is used.

General

  • AEI-83010 : Unable to create new users through SAML login When the domain is not available in Asset Exploere.
  • AEI-82793 : In some cases, an invalid certificate error is thrown when applying CA certified IdP certificate in the SAML configuration page.
  • AEI-78409 : The default response code for auto redirection from HTTP to HTTPs is changed.
  • AEI-80408, AEI-76175 : Unable to attach files having [] and {} in the file name.
  • AEI-83200 : Unable to run the changeDBserver command in console mode when the application is running in https mode.

Community

  • AEI-82849 : In the System Log Viewer, you can now view the details of a successful user import through LDAP.

Behavior Changes Related to Users in AE 6600 :

(Released on: 21 November 2019)

  • The Users list view will hold all users in the organization i.e both requesters and technicians.

  • SMS Mail ID would be available for all users. Previously it was provided only for technicians.

  • Primary and secondary emails, Reporting To field would be available for all users.

  • Introduction of site scoping for technicians as a part of add/edit roles itself with the option Technician allowed to view. The scoping options provided are All or All in associated sites. Previously site based restrictions would work based on sites chosen on the technician page along with module-level roles chosen.

    How the cases are handled in Migration

    1. If a technician is provided with an Asset Only custom role with certain sites under Restrict site(s), a new role by name Asset Only_SiteRestriction_1 would be created and associated with this technician. This new role with the same module-level scope as the previous Asset Only role and have the option All in associated sites enabled under Technician allowed to view.
    2. If a technician is provided with only EnableCMDB role and sites are configured under Restrict site(s), a new role by name Asset_SiteRestriction_1 would be created and associated with this technician along with EnableCMDB. This new role would have view permission for asset modules and the site restriction.
  • There were only 3 default CI Types representing the Users - People; the parent CI Type and Requesters and Technicians; child CI Types. Any hence any new child CI Type could be created only for Requesters or Technicians. Now, there is just one CI Type i.e Users and any child CI Type can be created under it. This change was mainly introduced as we restrict the CMDB Managers from categorizing the users in the organization either as Requesters or Technicians. With this new model, the CMDB Manager can categorize the users as per their organizational child CI Types.

    1. All the existing relationships of the Users would be retained even after migration.
    2. The relationship attributes created for CI Type Requester and Technician relationships would be lost after migration.
    3. All the CI attributes of People and Requester CI Type (except system attributes) are moved as User additional fields.
    4. All the system attributes of Requester and Technician CI Type are moved to User CI Type during migration.
    5. All the child CI Types of Requester and Technician CI Types are moved under User CI Type.
  • The Technician CI Type has been removed.

  • The CMDB API for requesters and technicians is removed and moved to new APIs. http(s)://:/api/v3/users

New Features

User and Technician additional fields

  • Use additional fields to fetch extra details from the user and technician profiles.

SDSiteAdmin Role

  • Introducing SDSiteAdmin role. Technicians with this role would be considered as administrators of the sites associated with them and for those technicians, the admin tab would be displayed with entities such as users, technicians, departments, and sites.

Issues fixed

  • AEI-82348: Remote code execution (RCE) vulnerability during SCCM scan initiation (CVE-2019-19034) reported by Sahil Dhar (xen1thlabs).
  • AEI-82150: Dynamic notification count is not shown on the bell icon for non-SDAdmin users.
  • AEI-80280: Login details are not closed after clicking the X mark on the login page.
  • AEI-82966: Error occurs after copying a workstation and reopening the details page of the copied workstation.

ManageEngine AssetExplorer 6.5****Issue Fixed 6504 : (Released on: 29 December 2020)

Vulnerability

  • AEI-91948 : Authentication Bypass Vulnerability during SAML login reported by Zikos

Enhancements 6503 : (Released on: 13 September 2019)

  • AEF-65927 : ServiceDesk Plus now supports SAML 2.0, which is an easier alternative to conventional sign-in methods already available for online services. Users will no longer have to provide passwords specific to each service they access. Configure SAML single sign-on from Admin >> Users >> SAML Single Sign-On. To learn more, click here.

Issues fixed

Vulnerability

  • AEI-77197 : Vulnerability in query report generation.
  • AEI-78239 : CSRF vulnerability when performing add/update/delete operations under some admin configurations.

Assets

  • AEI-78503 : French characters are not displayed properly for auto populated fields (Department/Site) in the Assign/Associate pop-up.
  • AEI-78292 : While trying to import a non-IT product type via CSV, it gets added as an IT product type.
  • AEI-76865 : Improved the UI of Add Asset/Component pop-up window, accessed from Assets >> All assets In Store >> New >> Add asset through form.
  • AEI-80460 : SCCM integration does not populate asset data.
  • AEI-80433 : When the ‘Save’ button in the asset-user association pop-up is clicked more than once, multiple entries are added.
  • AEI-69467 :Virtual machines (VMs) are duplicated instead of getting updated in the following cases:
    • Failed resolution of a VM’s fully qualified domain name (FQDN) in the initial or subsequent scans.
    • Scanning a VM after renaming it in its host.
  • AEI-77556 : Asset and warranty expiry notifications are sent every day from the configured date instead of being sent only on that day.
  • AEI-80313 : Under assets, using Unassigned filter option in the list view page displays an error message.
  • AEI-80209 : Under assets, providing an invalid entry for the cost field does not display an error message.
  • AEI-79086 : While adding a new scan credential an irrelevant error pop-up is shown.
  • AEI-79768 : Workstations with Mac OS are not getting inventoried if the soundcard details are missing in the workstation.
  • AEI-78286 : Unable to view all IP addresses of an asset in the asset details page. You can now view them by expanding the IP address(es) displayed in the asset title or by clicking View More under the IP Address field.
  • AEI-79205 : In Assign Ownership pop-up if we click the Save button multiple times, the application creates multiple loaned assets

Admin :

  • AEI-80358 : In Admin >> Users >> Active Directory, clicking the refresh button starts importing users from the Active Directory. Also, unable to import users if the Move Assets option is disabled.
  • AEI-80648 : Under Admin >> Users >> LDAP, unable to import users by mapping the Reporting To field when the manager of a user is disabled.
  • AEI-77471 : Technician list view page takes longer time to load.

Purchase :

  • AEI-70968 : Purchase Request additional fields are not getting reflected in the Purchase Request details page after migrating to the latest version.
  • AEI-79670 : Users with full permissions to the purchase module are unable to export the purchase list view data.
  • AEI-79352 : Under Purchase Requests, date fields except created date are populated with incorrect dates.
  • AEI-81135 : A duplicate Item can be saved under Others Category by adding some extra space in the Item field.

Reports :

  • AEI-80239 : If the application runs on a PostgreSQL setup, custom schedules and scheduled reports that use query are not executed.
  • AEI-80356 : Performance issue in Reports.

API :

  • AEI-79361 : Unable to add asset tag by using CMDB API.
  • AEI-79356 : Unable to add/update VM hosts and virtual machines by using CMDB API.
  • AEI-80405 : Unable to add/update an asset’s IP Address by using CMDB API.

Others :

  • AEI-80296 : Migration fails due to inconsistency in the purchase module data.

Issues fixed in service pack 6502 : (Released on: 17 July 2019)

  • AEI-77197 : Vulnerability in query report generation.
  • AEI-79017 : (CVE-2019-12537) XSS vulnerability in search fields of the Purchase module.
  • AEI-79021 : (CVE-2019-12595) XSS vulnerability under Admin >> Discovery >> Remote control tools.
  • AEI-79022 : (CVE-2019-12596) XSS vulnerability in the software list view page.
  • AEI-79023 : (CVE-2019-12597) XSS vulnerability in select actions of the asset details page.
  • AEI-79018 : (CVE-2019-12539) XSS vulnerability in using global search for Purchase.
  • AEI-78402 : (CVE-2019-12959) SSRF vulnerability fixed.
  • AEI-78593 : SSRF vulnerability (CVE-2019-12994) while configuring central server settings in the remote server.

Assets

  • AEI-79436 : Asset details fetched in the delta scan by Endpoint Central are not updated in Asset Explorer while being integrated with Endpoint Central. This initiates a full scan by Endpoint Central.

Admin

  • AEI-78963 : On changing the application from HTTP to HTTPS via Admin Security Settings, outgoing email notifications are not appended with HTTPS as expected.
  • AEI-79498, AEI-79993 : Unable to update the organization details under Admin >> Organization Details

Reports

  • AEI-77343 : Additional filters are not working properly for default purchase reports.

Others

  • AEI-77997 : Performance issue in CMDB and Admin Role.
  • AEI-47525 : Unable to add product by using the Quick Actions menu.

New Features 6501 : (Released on: 20 June 2019)

  • AEF-77576 : Under Personalize, a new date format (dd-mm-yyyy) has been added to choose for the application.

  • AEF-68346 : SCCM Integration

    Extend the capabilities of AssetExplorer to manage desktops and Windows-based applications through integration with Microsoft System Centre Configuration Manager (SCCM). You can use SCCM for asset discovery and also simultaneously update asset data in AssetExplorer.

    Configure SCCM integration under Admin >> Discovery >> SCCM Integration. To learn more click here

  • AEF-67735 : SNMP Device’s OID configuration Enhancements

    • Configure and map Object IDs (OIDs) to SNMP device attributes, which have so far been reserved to the database. This configuration allows you to reassociate available OIDs with the right attributes and also configure OIDs for new attributes.

    Admin >> Discovery >> SNMP Configurations. To learn more click here.

    • MIB Browser
    • The MIB Browser tool allows you to upload and browse MIBs and lets you perform all SNMP operations by configuring SNMP v1, v2 or v3 credentials. Also the tool lets you view the data available through the SNMP agent running on a specific device.
  • AEF-80208 : AssetExplorer’s latest enhancements include the refreshingly new login page UI, revamped application header, easy to navigate configurations-grouping in Admin, provision to add profile picture for technicians, and an overhauled community tab with health meter and latest version information.

Issues Fixed

Vulnerability

  • AEI-78572 : XSS vulnerability while accessing older APIs.

Assets

  • AEI-75025: Incorrect translation of the Mapping Field options under Assets >> Barcode >> Barcode Generation >> Barcode generation for existing assets >> Using Asset Data (Generation Method) in any non-English language.
  • AEI-77414: DoS attack detected during bar code generation.
  • AEI-78115: Under CMDB, the relationship list view inside a CI does not capture all relationships.

CMDB

  • AEI-75553: Unable to update requester’s email id through CMDB API.

Purchase Order

  • AEI-73075: Unable to receive Purchase Orders placed in Assets Category if item name exceeds 100 characters.

Admin

  • AEI-77793: If the user created in AD has only a space included in the department attribute, then after importing the user into the application, department with empty strings are created in Asset Explorer.
  • AEI-77433: Unable to update the product cost under Admin >> Asset Management >> Product.
  • AEI-77947: Line breaks are missing when requests are created in plain text format through EWS mail server.

Others

  • AEI-77843: Domain users are unable to view and generate File Protection Password for their individual accounts.

Behavior Changes 6500 : (Released on: 16 May 2019)

  • Microsoft SQL 2005 will be not be supported anymore. To migrate to the latest MSSQL, click here. Backslashes (\) in any additional field names will not be supported anymore. Any backslashes mentioned in additional fields earlier will be changed to forward slashes after this upgrade.
  • Going forward, if there is any data inconsistency in the application tables, then the migration will not go through.
  • Any inconsistency should be corrected before proceeding with the upgrade. Please contact support if there is any inconsistency during migration.
  • Going forward, installation of AssetExplorer in the non-English installation folder will not work.

Framework changes

  • This upgrade removes JBoss dependency completely and upgrades to Postgres 10.5. Going forward, the application will be connected to Postgres with a specific database user credential instead of a superuser credential for better security. To know about the database user credential, click here.
  • The latest Tomcat upgrade removes the dependency on NIO port and uses WebSockets.

Framework Upgrade Information

  • JRE upgraded from version 1.7 to version 1.8.0.152 (This is a free version)
  • Postgres upgraded from version 9.2.4 to version 10.5
  • Tomcat upgraded to version 8.5.32

New Feature

  • AEF-72153 : Web remote will be supported in Windows 10 OS.

Issue Fixed

Others

  • AEI-77633 : Unable to login to AssetExplorer if the password starts with a special character (£).

Issues fixed in service pack : (Released on: 25 April 2019)

Behaviour change :

  • AEI-74666 : Create a PO without cost.
  • AEI-77489 : Option to hide contact support and license options to non-admins (under Help).
  • AEI-77795 : CI history page now will capture CI add operations.

Issues Fixed

Assets :

  • AEI-76533 : Option to prioritize sysName over the DNSName for choosing a deviceName during SNMP scan.
  • AEI-74424 : Relationships tab appears blank when CIs are moved from one CI type to another.
  • AEI-65756 : Unable to update an asset’s barcode through add asset form and CSV file.
  • AEI-71862 : Technicians with full access to Assets is unable to edit assets that are not associated with any site.
  • AEI-77134 : VMware scan fails when VM is not resolved in the DNS.
  • AEI-76681 : For Cisco IP phones, success status is not updated.
  • AEI-76263 : Software license allocation is not updated when software allocated to any installation is deallocated. This results in data inconsistency in software licensed and unlicensed list views. Assets --> Software-> Scanned Software list view
  • AEI-76438 : Unable to scan SNMP Devices of a particular Device Type (Lexmark Printer, 3Com Router, Xedia Access Point, Room Sensor, Avtech tempager Room Sensor).
  • AEI-77272 : To avoid slow performance while viewing assets’ audit details, an index is created on the AUDITTIME column in the AUDITHISTORY table.
  • AEI-77444 : Asset Explorer mobile app issues have been fixed.
  • AEI-76687 : Alignment issue occurs after adding a shipping and billing address in PR.
  • AEI-69961 : Error occurs when we Add asset through form after filtering the list view based on criteria.

CMDB :

  • AEI-76388 : On clicking More Information, an issue occurs in CMDB business view if the language is set to Arabic. CMDB–>New Business View–>Save Business View–>More Information.
  • AEI-77522 : Unable to update a requester’s department using API.

Purchase :

  • AEI-74665 : Option to choose PO items based on the part number.

Admin :

  • AEI-77650 : Under Admin >> Security Settings >> Advanced >> Add security response headers, the placeholder displayed for X-XSS-Protection has been corrected (semicolon at the end of the value has been removed).
  • AEI-73062 : If we add a new network immediately after editing an existing network under Admin >> Discovery >> Network Scan, it replaces the network that was edited instead of creating a new one.
  • AEI-77439 : Unable to import users from Active Directory (AD) into ServiceDesk Plus if the OUs in AD contain comma at the end of their names.

Reports :

  • AEI-77136 : When we run a query report, the values are coming in decimals. But in the tabular report, the cost value is coming as an integer.
  • AEI-70403 : Empty matrix reports will display an appropriate message regarding the data unavailability.

Issue Fixed in service pack 6213 : (Released on: 12 April 2019)

Vulnerability

  • AEI-77871 : Privilege Escalation Vulnerability in login page issue as specified in CVE-2019-10008 has been fixed.

Mobile app for Asset Explorer has been released (Released on: 21 March 2019)

  • AssetExplorer is now available as iOS and Android mobile apps. Track, scan, and add assets right from your mobile. Take remote sessions of workstations when needed. Check out our app for iOS and Android now.

Issues fixed in service pack 6212 : (Released on: 19 March2019)

Vulnerability

  • AEI-76400 : MIME-sniffing vulnerability in purchase requests.

Assets

  • AEI-76406 : Loading issue occurs when you click the Assets tab if there are more products in the inventory.
  • AEI-76629 : Unable to remove the IP address of any asset other than workstations and servers.
  • AEI-76769 : When the number of barcodes is high, then the print preview does not load all the barcodes.
  • AEI-74111 : Schedule scan takes too long to complete.
  • AEI-76662 : Inconsistencies in displaying the allocated software license key and scanned license key within the application.

Admin

  • AEI-76009 : Employee ID field is not getting imported from LDAP.

Others

  • AEI-76159 : Memory allocation in the bundled PostgreSQL database has been increased. To effect this in Linux installations, you must manually add or modify the following parameter values under /etc/sysctl.conf :
    kernel.shmmax = 536870912
    kernel.shmall = 262144
    Then, execute the sudo sysctl -p /etc/sysctl.conf command to reload the configurations.
    Note: PostgreSQL will not be started in Linux machines if you fail to update the parameters discussed above.
  • AEI-75077 : PUT and DELETE operation in v3 API isn’t working in a few customer environments.
  • AEI-35145 : Displayed calendar text is not translated into non-English languages.

Issues fixed in service pack 6211 : (Released on: 22 February 2019)

Assets

  • AEI-75523 : Out of memory error occurs if we configure Class A IP address full range while performing exclude scan.
  • AEI-73391 : Unable to sort additional attributes of date type in assets and CI list views.
  • AEI-54661 : Duplicate key exception occurs while scanning a workstation which was modified as a Firewall.
  • AEI-71368 : Product Type modification window opened from Actions in the asset details page contains garbled text. The issue occurs only when the application is displayed in certain non-English languages.

Purchase

  • AEI-70162 : Scroll bar is not working in purchase order list view.
  • AEI-70381 : Additional fields are not displayed in the details page of assets and workstations that are added through purchase orders.

Admin

  • AEI-74945 : Currency symbol of Great Britain Pound, Gibraltar Pound, Chinese Yuan, and Japanese Yen is not displayed properly under Admin >> Currency.
  • AEI-69915, AEI-76447, AEI-76849 : An irrelevant error message added under Community >> System Log Viewer for each schedule of Software License Notification.

Software

  • AEI-52669 : Remove Software Installation(s) option introduced in the software details page.

Others

  • AEI-76860 : xalan.jar retained in the PPM file of AssetExplorer version 6202. It has been removed now.

New Feature in service pack 6210 : (Released on: 05 February 2019)

  • AEF-35631 : EWS Support
    Use Exchange Web Services to connect to an exchange server for mail fetching.

Issues fixed in service pack 6210 : (Released on: 05 February 2019)

Vulnerability

  • AEI-69987 : Possibility of information disclosure vulnerability in login page.
  • AEI-75134 : Serialization vulnerability fixed under Admin–>Distributed Asset scan --> Change as Remote server (while importing central server’s site)
  • AEI-35675, AEI-46452 : Restricting File Upload
    Restrict users from uploading vulnerable files to the application by blacklisting them based on file properties such as file extension or file content type. You can allow only specific files to be uploaded by whitelisting them. You can perform these operations by passing database queries.
    Note : To prevent vulnerabilities during file upload, empty file upload will not be permitted anymore.

Assets :

  • AEI-75530 : Alert message in unnecessarily displayed while moving assets from one department to another (which is not associated to any site).
  • AEI-74769 : Assets in the loanable assets list disappears after performing a scan.
  • AEI-74313 : Breakage : Assets : Comments field shown while changing an asset’s state is also shown while editing an asset.
  • AEI-71613 : Virtual machines having the same name but in different domains replace each other when scanned.
  • AEI-74808 : Previous day of the loan date is shown instead of the current date in the loan registry list view while extending the loan.
  • AEI-73277 : Deleted product types are shown in the Purchase and Asset modules’ Product Type filter.

Software :

  • AEI-75098 : Scanned software list view is not getting rendered after selecting the site filter.
  • AEI-73547 : When a technician assigned to a site creates a license, it gets assigned automatically to the org site if the available site is less than 2. Also, incorrect license count is shown in the software details page.

CMDB :

  • AEI-74085 : Unable to import CIs for a custom CI type when the custom date field has a different format in the CSV and a different format chosen during import.

Purchase :

  • AEI-74362 : Unable to close Purchase Orders created from Purchase Requests. The issue occurs if the Purchase Requests have value for ‘Requested by’ field.
  • AEI-73425 : Item name modified from Admin > Product will get reflected for purchase orders and purchase requests in open status from now on.
  • AEI-70930 : Estimated cost is not updated while adding/editing a purchase request if there are special characters in the Item name for the selected vendor.

Admin :

  • AEI-74250 : Add New Product page is displayed in English after changing the language to Japanese/Chinese from the Personalize tab.
  • AEI-74079 : Users imported from LDAP contain incorrect Site and Department values.
  • AEI-74357 : Space string can be saved as a pick list option in pick list additional fields.

Issues fixed in service pack 6209 (Released on: 31 December 2018)

Vulnerability :

  • AEI-71473 : Vulnerability found in file extraction during the restore process.
  • AEI-72572 : Fixed CRC related issue in restore process.
  • AEI-73218 : Information disclosure vulnerability in Contact Support section under Help.
  • AEI-70638 : Vulnerability: Inappropriate use of HTTP methods while resetting user password.
  • AEI-73855 : Improper server/client side validation vulnerability in an asset list view URL.
  • AEI-73965 : Privilege escalation vulnerability in contracts.

Assets :

  • AEI-71794 : When we push data from a remote server to a central server, even if the scan status of the workstation is failed in the remote server, “SUCCESS” message is shown in the central server from the second time onwards.
  • AEI-74251 : Some details such as Manufacturer, Domain Name, Last logged-in User are not fetched while scanning AIX machines.
  • AEI-74039 : Error occurs while trying to view an Asset’s History tab.
  • AEI-74022 : Unable to change the CI type of a scanned software (both managed and non-managed) to null after associating it to some value.
  • AEI-71805 : Newly created software and software suites do not appear in the list view. The issue occurs if the compliance calculation is disabled in the database while creating.
  • AEI-69814 : While calculating compliance of a child software, the parent software is not checked for compliance.
  • AEI-73723 : Unable to add a software suite for software belonging to the same manufacturer under All Manufacturer filter in software list view.
  • AEI-73831 : Unable to edit the site of a license which is associated with a software license agreement.
  • AEI-72514 : Alignment issue occurs when a value is added for Multi-line asset additional field.
  • AEI-73575 : Unable to view the license list view page from software details page in ppm setups.
  • AEI-74611 : Agent : For the agent-server communication, SHA-1 certificate has been replaced with SHA-256 certificate.
  • AEI-73912 : Asset import through CSV file now supports multi-line values inserted within double quotes.
  • AEI-73916 : After scanning, Cisco IP phones have their State invariably changed to In Store. It has been fixed.
  • AEI-73828 : Under Barcode >> Print Barcode >> Manual, Site of label properties is not saved if Not associated to any site was selected. It has been fixed.
  • AEI-72884 : Technicians (except SDAdmin) couldn’t edit State of assets by using Global edit in the asset details page. It has been fixed.
  • AEI-73881 : Issue occurs while performing a script scan on application running in the HTTPS mode with a self signed or a trusted certificate.
  • AEI-73953 : Unauthorized error message is shown for users while downloading attachments from Purchase Request via non-login URL access.

Purchase :

  • AEI-70012 : Due to the missing screen scroll bar in ‘Add Invoice’ pop-up, users are unable to save invoices in laptops with 14-inch screens.
  • AEI-70441 : After exporting POs, the ‘Created Date’ column has values in a unreadable format.
  • AEI-72729 : Purchase orders get reopened after their closure if they are approved by one of the approvers after closing the PO.
  • AEI-73070 : Product type and product drop-downs in the PO creation form do not display more than 25 results.
  • AEI-73198 : Able to send approval link even when the PO is in invoice Received status.
  • AEI-73552 : Space between words are rendered as '%20’ in purchase request’s approval comments.
  • AEI-73590 : Unable to receive the items in a purchase order if the ordered quantity is extremely high.

CMDB :

  • AEI-72152 : The “Actions” and “New” drop-downs do not appear for certain CI types under the CMDB tab.
  • AEI-73557 : CMDB API: Unable to fetch IP Addresses using API in MSSQL Setup.

Admin :

  • AEI-71882 : Security settings >> Security response headers: After updating the latest service pack, custom security response headers are lost.
  • AEI-73659 : After a missed backup schedule, the backup gets started on the server start time, but then the next backup schedule gets revised to the server startup time instead of the scheduled backup time.
  • AEI-72070 : While importing users through scheduled AD import, only users from the first 10 domains are imported.
  • AEI-74064 : Unable to delete the values for picklist additional fields in CI attributes.

Others :

  • AEI-69465 : Option to download digitally signed service packs
  • AEI-73041 : Out Of Memory error occurs during the backup of directories with large number of files. If you adjust the memory size and complete the backup, Restore will still not be possible.
  • AEI-73154 : Backup restore fails without the fileattachment zip in it. The issue occurs only if the previous backup has been manually terminated.
  • AEI-73506 : Unable to change port number while installing Asset Explorer in Windows machine.
  • AEI-73562 : Incomplete backup files will have the .partial extension to distinguish from the complete backup files with the .data extension. Please note that the incomplete backup files cannot be restored.
  • AEI-67053 : Keystore password is not encrypted.
  • AEI-73927 : While selecting images using the image browser pop-up in CI type page, only GIFs option is shown in the format field.
  • AEI-73116 : During backup, tables which contain Schar and PK columns throws an OOM error.
  • AEI-72102 : During backup, .sql files with data storage exceeding 1GB will be split into multiple .sql files. The new files will be named in the tablename_fileindex format.
  • AEI-69233: Following files have been added to the trimmed backup :
    • conf\Server.xml
    • bin\run.bat (run.sh)
    • bin\startDB.bat (startDB.sh)
    • conf\wrapper.conf
    • conf\web.xml
    • conf\logging.properties
    • conf\TrayIconInfo.xml
    • conf\sdp.keystore

Issues fixed in service pack 6208 (Released on: 24 October 2018)

  • AE-73741 - Technician is unable to access modules. The issue occurs if that technician is created after connection is established with the remote server.

Vulnerability

  • AEI-68374 : External Entity Injection (XXE) vulnerability while processing license XML data (CVE-2019-14693)

Enhancements in 6207 (Released on: 16 October 2018)

  • AEF-70993 - Option to disable automatic delta scan. Admin>> Discovery>> Scan Settings.
  • AEF-73082 - Option to fetch sites instead of typing site name in Central Server Settings. Admin>> Discovery>> Distributed Asset Scan.
  • AEF-61199 - Option to hide the inactive sites. Admin>> Organizational Details.

Issues fixed in service pack 6207

Vulnerability

  • AE-71557: XSS vulnerability found in success/failure message pop-ups is fixed.
  • AE-69428: XSS Vulnerability in the Software Metering graph of the Software Summary page.

Assets

  • AE-70892: In a certain scenario, issue occurs while viewing History tabs of some assets.
  • AE-71049,71127: Error occurs while Auto Assigning assets. The issue happens if the page has more than 150 workstations.
  • AE-71376: Unable to update the WarrantyExpiry date in Diff scan while syncing the asset data from Endpoint Central to SDP.
  • AE-72560: Org Serial Number field is getting duplicated in the CI details page of workstations and servers.
  • AE-72400: Assets that are not associated to any site are not displayed for technicians without site association.
  • AE-71873: There is no managed connection while uninstalling an agent.
  • AE-72411: Agent information of the scanned XMLs from Endpoint Central is now captured in AssetExplorer.

Purchase

  • AE-70632: Unable to enter names with characters more than 30 in purchase orders.
  • AE-70798: When an approver’s name contains characters from a foreign language then these characters’ encoded values are displayed in the Print Preview section of the corresponding purchase orders.
  • AE-69240: Attachment names with commas cause page break in the Purchase Order form.
  • AE-70922: Notification table entry undone after changing the PO status to 'Ordered’.
  • AE-71860: Unable to delete an existing item and add new from PO edit page.
  • AE-72310: Default Sales Tax Rate is not maintained in a PO once a vendor is selected.

Contracts

  • AE-71128: A technician with only “View” permission for contracts can attach documents to it.

Scan

  • AE-70941: The scanned asset/workstation additional field values for a VM host get reset to default values, if configured.
  • AE-72376 & AE-74063 : While scanning CentOs machines with version above 7.2 and Red Hat machines with version above 7, the IP and MAC addresses are not captured.
  • AE-69033: Custom CI type of workstations/servers is not preserved after a second scan.
  • AE-70950: After the scan In AE version 6200, Network scanned status and last scanned time is not updated.

Admin

  • AE-69974: Department drop-down components takes a lot of time to load after clicking on the Add New Cost Center button.
  • AE-70262: Asset CSV import fails when a non-SD-Admin performs the import. The issue occurs if the username field is left blank and only the department name is filled in the CSV file.
  • AE-72303: In Asset details page, the title is not in i18N.
  • AE-69147: CIs under a child CI type is only partially preserved when the child CI is added to a different parent.
  • AE-69156: Unable to access the Standalone Audit page by a technician who though is not an SDAdmin but has the “Scan Now” permission in Assets Module.
  • AE-73357: Technicians (except admins) could not add/edit assets from the left panel in the Home page.
  • AE-71861: Global search under Assets now includes the value in Last Logged In User.
  • AE-73622: UI glitch occurs on clicking expand icon in department field in Cost Center. Admin >> Purchase/Contract Management.
  • AE-73598: Null-pointer exception occurs while adding additional fields.

Software

  • AE-70080: Incorrect software information stored in the database.

CMDB

  • AE-70564: Under CMDB, unable to delete barcode if more than 100 CIs are deleted in one go.

Remote

  • AE-71612: Security exception occurs during remote access by Web RDP for any non-English languages.

Others

  • AE-73263: GET API for CI Details using criteria is not working in the REST API Documentation tool.
  • AE-70008: Applications installed in an Iphone scanned by Endpoint Central and pushed into AssetExplorer are not listed under the Applications tab.
  • AE-69960: An exception is thrown on clicking the Community Tab.

Issue fixed in service pack 6206 (Released on 04 Oct, 2018)

  • AEI-73564 :Cross site scripting vulnerability is present while viewing the asset details page

New Features in service pack 6205 (Released on 24 Sep, 2018)

  • AEF-63637 : The Asset Loan feature enables you to mark loanable assets; track asset loaning, return, extension, and expiry; and configure asset loaning notifications.
  • AEF-73176 : Configure a password, for both login and non-login users, to ensure secure access to files, such as exported reports, scheduled reports, and exported request list generated from within the application. Enable File Protection Password under Admin>>Privacy Settings.
  • AEF-31037, AEF-45095, AEF-37001 : User import from Active Directory can now fetch Employee ID and ‘Large Integer’ type field accountExpires.

Issues fixed in service pack 6205

  • AE-72109 :XSS vulnerability found in the asset details page is fixed.
  • AE-72080 :Directory traversal vulnerability found in file upload is fixed.
  • AE-71495 :ZipSlip vulnerability found in distributed asset scan is fixed.
  • AE-72568, 69294 :Vulnerability in deletion of default license types is fixed.
  • AE-68282 :No alert message is displayed, warning about the impacted scan types when we enable “Stop uploading scanned XMLs via non-login URL” under the Security Settings.
  • AE-69108 :Security response headers are missing in the login form.
  • AE-71595 :Vulnerability : Able to create a table and copy data in MSSQL.
  • AE-66826 :Vulnerable HTTP method (OPTIONS) disabled.
  • AE-69292 :Vulnerability of an unauthorized user able to create, edit, and delete currency in the application is fixed
  • AE-71491, 71490 :Failure exception message displayed during network scan is fixed
  • AE-70963 :Purchase Requests with similar vendors are not listed in the Associate PR list when trying to associate a PR with a Purchase Order.
  • AE-71359 :Agent : Option to configure the Agent’s TLS Protocols and Ciphers to secure communications from within the Agent side. Configure it under Admin >> Windows Agent Configuration >> Settings.

New Features in service pack 6204 (Released on 24 July, 2018)

  • Privacy settings enhancement:
    • Password protected backup data: The application backup is now protected with a password. The password is required to open the backup file / restore it. This password can be changed in the Admin-> Backup schedule page. Click Edit Scheduling and input the backup password to change the backup password.
    • Anonymize deleted users: Option to anonymize deleted users from the Users list.
      Limitation :
      Reports will not display any of the encrypted fields.
      The MasterKey password cannot include non-English characters.
  • AEF-61713, AEF-61890, AEF-62294, AEF-63690: Business view : Option to view and manage the saved relationship maps of CIs from one place.
  • AEF-63961, AEF-63674 : Purchase order enhancements: Option to create a purchase order for non-asset purchases such as training and services.
  • AEF-70397 : Support for ‘Greek’ language in Asset Explorer.
  • AEF-71169 : Support for ‘Lithuanian’ language in Asset Explorer.
  • AEF-65490 : User merge tool : Option to merge duplicate requesters.
    Find the feature at Admin >> Users >> Requesters.

Issues fixed in service pack 6204

Vulnerability

  • AEI-66006 : Vulnerability in the storage of private key for scanning Linux devices is fixed.
  • ****AEI-67142 : XSS vulnerability in “Manage Folder” section of reports.
  • ****AEI-67891 : XSS Vulnerability in scheduled reports.
  • AEI-68547 : Vulnerabilities fixed in user search.
  • AEI-71123 : Vulnerability in the login page as domain filtering is not enabled.

Admin

  • ****AEI-61872 : Unable to save a password with special characters in credentials library.
  • ****AEI-67623 : Insecure storage of passwords in credential library.
  • ****AEI-71029 : AD import doesn’t start if more than 300 OU’s are selected.
  • AEI-40643 : User-defined fields are allowed to be imported using LDAP.
  • AEI-66169 : Alternative mail server configured under ‘Outgoing’ mail server settings does not work.
  • AEI-69473 : Account lock option is enabled by default in fresh installations.
  • AEI-69952 : Department name gets duplicated during LDAP user import if the department name has some trailing space.

Reports

  • ****AEI-35320 : Exception occurs when executing a query with ORDER BY clause under Reports–> New Query Report.
  • ****AEI-60523 : Custom report output containing boolean and date fields are right aligned.
  • ****AEI-67835 : Unable to generate “Audit History by Workstation” report.
  • ****AEI-68477 : In matrix reports, clicking on the currently selected tab changes the tab but not the content.
  • ****AEI-68511 : Exception occurs when same column name is given in “then group by” select options.
  • ****AEI-68512 : Exception occurs in custom report’s filter if there is no value specified in the criteria’s value field.
  • ****AEI-69454 : In CI History and Audit reports, when you miss out From/To date and update them, an untranslated error message with just the key in it is thrown
  • ****AEI-69611 : SQL injection in query report.
  • ****AEI-69615 : Print preview page in reports comes with large space between passages.

Issue fixed in service pack 6203 (Released on 10 July, 2018)

  • AEI: 70918 : Unable to start the server when the application is launched using the desktop icon.

Service Pack 6202 (Released on 23 April, 2018)

New features in service pack 6202

  • AEF:68872 : Auto delta scan: Automatic identification of hardware and software changes by the agent in the client machine and notify the application server to initiate the scan from the server.

Issues fixed in service pack 6202 :

Vulnerability

  • AEI-69461 : Vulnerability issue related to assets.
  • AEI-69294 : Vulnerability issue related to default license types.
  • AEI-69302 : Vulnerability issue related to assets.
  • AEI-69460 : Vulnerability issue related to associating workstations.
  • AEI-69302 : Vulnerability in asset details page is fixed.
  • AEI-58456 : Vulnerability issue during server-agent handshake.
  • AEI-66584 : Vulnerability in credentials library is fixed.
  • AEI-68070 : Vulnerability in the purchase order list view search is fixed.
  • AEI-66403 : Vulnerability in add new contract page is fixed.
  • AEI-68516 : Vulnerability in contracts is fixed.
  • AEI-56921 : Vulnerability in Agent is fixed.

Dashboard

  • AEI-69056 & AEI-67925 : Incorrect information is displayed in the asset dashboards’ 2d bar graphs.

Scan

  • AEI-68985 : SMBIOS information is not getting fetched while scanning a workstation.
  • AEI-68339 : Unable to fetch the “last logged in” user’s information using script scanning in Linux machines.
  • AEI-68056 : Sound card information does not get updated even though it is present in scanned XML for all XML scans.
  • AEI-70119 : Distributed asset scan fails when the domain name contains space in the central server settings.
  • AEI-70555 : NullPointer Exception occurs when processing OS information scanned and pushed from ManageEngine Endpoint Central.
  • AEI-66609 : Processor (CPU) changes are not reflected in the history tab during a scan.
  • AEI-67320 : Unable to fetch the “last logged in” user’s information during Mac machines scan.
  • AEI-68136 : Based on the sysdescription, incorrect model names are assigned to snmp devices. Because of that unknown models are not listed in unknown OIDs list.

Agent

  • AEI-70590 : Agent upgrade is delayed in build versions with the latest framework change.
  • AEI-70606 : Able to configure the Windows agent by using the CSRF vulnerability.

Remote

  • AEI-66809 : Web remote session continues even after logging out of the application.

CMDB

  • AEI-66317 : Business impact data is only partially shown in the drop-down in add new CI type page.
  • AEI-69531 : When you edit a child configuration item (an asset with OS unspecified) manually or through API, it is moved into the parent CI.
  • AEI-69541 : Users are not able to update requester’s login name and domain name through CMDB API.

Software

  • AEI-69053 : NullPointer Exception occurs while allotting CAL for users.
  • AEI-67584 : Wrong warning message is shown while deleting software licenses.
  • AEI-53608 : Multi Line License additional fields are not shown in the Software License CSV import page.
  • AEI-67428 : Software suite is not getting deleted in a workstation’s software list even if there are no software in the workstation.
  • AEI-69431 : Software license keys are limited to hundred characters.

Purchase

  • AEI-69215 : When a PO is edited and the approval process is initiated for a second time, then the approval process faces a breakage.
  • AEI-69017 : If a Product’s Name contains ‘_’ while creating a PO from PR, then that name does not populated in the New PO Form.
  • AEI-68912 : In Purchase Requests’s approval notification mail, values for udf-char variables are wrongly replaced.
  • AEI-68659 : While creating a purchase order, the cost center lists names instead of the codes.
  • AEI-68285 : If the default terms and conditions for purchase orders exceed 3500 characters, then the PO is not getting saved.
  • AEI-68534 : Purchase requests display the Cost centre Name instead of the Cost Centre Code.
  • AEI-67651 : Unable to approve the PR from the Approval tab if a comment is added with special characters.
  • AEI-69876 : Search function doesn’t work while choosing a technician in a purhcase request.
  • AEI-69873 : ‘&’ in a software name is replaced with ‘amp’ in purchase orders.
  • AEI-69216 : When you add a product through a purchase order, and then edit its vendor details under the Admin setup, the vendor details are not updated until you specify the Warranty Period.
  • AEI-69501 : Inline search doesn’t work after searching a purchase order in the global search.
  • AEI-69483 : When technicians are deleted while being associated to purchase requests, they continue to list in the Technician drop-down of new purchase requests.
  • AEI-68662 : Unable to close the error message pop-up that appears when a purchase order is saved without filling the quantity field.

Contract

  • AEI-69067 : If a contract has special characters as values in its pick list fields then they are changed to empty values while editing.
  • AEI-68813 : Ampersand characters present in the description and support details fields of the add new contract form are not displayed properly.
  • AEI-69442 : Pick list additional field values containing space or special characters are not displayed when creating/editing a contract.
  • AEI-69632 : Users are able to add/remove assets to expired contracts after renewing them.

Admin

  • AEI-69082 : Incorrect error message is shown for duplicate key exception while editing the name of an asset.
  • AEI-69047 : Unable to delete workstations from the “Workstations failed during last scan” list view.
  • AEI-68947 : Asset Probe data is not deleted from the central server after a successful import of remote data.
  • AEI-68258 : Vendor names are not listed alphabetically in the Asset creation form and edit form.
  • AEI-67078 : Unable to search Russian user names in the ‘Choose User’ field of the Asset state pop-up.
  • AEI-65944 : Navigation message for the flexigrid view is not in I18N.
  • AEI-70604 : Able to add and update requester details by CSRF vulnerability.
  • AEI-70041 : When you remove assets from a static group, they are not detached until you refresh the page.

Features in Service Pack 6201 (Released on 11 April, 2018)

GDPR

  • User privacy management : Handle personal data of users (both technicians and end users) in accordance with privacy regulations such as the GDPR. When users exercise their right to be forgotten, admins can anonymize the deleted users’ names to random text and delete the associated PII from the application. Find this feature under Admin >> Privacy Settings

HTML Editor Enhancements

  • Edit email notification content as HTML and use $ to add variables to the content. Find the feature at Admin >> Notification Rules >> Customize template >> Edit HTML.

Issue Fixed in Service Pack 6201

  • AEI-70651 : Vulnerability Issue Fixed.
  • AEI-69331 : Requester deleted from CMDB list view but error message is shown

Issue fixed in service pack 6200 (Released on: 14 February 2018)

Framework changes

  • This upgrade removes the jBoss dependency from the framework, reduces security risk with jBoss, increased performance and quicker startup.

New SCCM Connector

  • New SCCM to AE connector (Mickey lite compatible) is updated in the resources section of the web page [https://resources.manageengine.com/resources/resource/sccm-connector-for-servicedesk-plus-and-assetexplorer]. Download the latest connector zip for integrating SCCM with Asset Explorer.

MySQL support

  • MySQL will not be supported from this version.

ManageEngine AssetExplorer 6.1****Issue Fixed in service pack 6132 : (Released on: 12 April 2019)

Vulnerability

  • AEI-77871 : Privilege Escalation Vulnerability in login page issue as specified in CVE-2019-10008 has been fixed.

Issues fixed in service pack 6131 (Released on: 23 January 2018)

  • AEI-68320 - Option to configure server IP address and edit web server port for agent under Admin - >> Windows Agent Configuration >> Configure.
  • AEI-68841 - Loading issue with “View PO Associated Assets” list view / Global Search with “All Assets” option does not work once we sort the “PO Associated Assets” List view with CIType.
  • AEI-69209 - While adding a product name with special characters for a new software, the auto populated product name is encrypted.
  • AEI-69245 - IE 9 browser support removed, alert message is not shown properly while upgrading through console mode.
  • AEI-69346 - While clicking on the community tab, the following error is thrown "Unable to process your request. Please check the URL".
  • AEI-67022 - Support for infinite scrolling in department’s dropdown similar to that of the user’s dropdown.
  • AEI-69626 - Upgrade failure occurs when a CI type which is created later is made the parent type of a CI type created earlier. Issue occurs when both the CI types are mapped to a same product type.
  • AEI-67606, AEI-66578, AEI-66890, AEI-67081, AEI-67007, AEI-69157 - Vulnerability issue fixed
  • AEI-67633 - ArrayIndexOutOfBoundsException if Serial Number column is sorted in workstation list view.
  • AEI-67356 - Exception occurs in loading users list while assigning users to assets if email is not specified for a user.
  • AEI-67772 - Option to configure the fetch size for individual tables in the database while taking backup.
  • AEI-62900 - Unable to delete attachments from CIs. It’s listed up when refreshing the page even after deletion.
  • AEI-67825 - Error while deleting CIType under which there are more than 10000 assets.
  • AEI-68398 - Unable to receive Software licenses in Purchase orders.
  • AEI-68383 - When windows domain scan fails, it displays “Agent Connection Timeout” error even though the agent Port is open and the machine is reachable.
  • AEI-68854 - Ssl certificate configured for mail fetching and analytics+ is being overwritten by SDP web server’s ssl certificate.
  • AEI-68545 - NullPointerException while importing assets through CSV Import in Professional Edition.
  • AEI-68269 - Unable to scan switches in Network scan.
  • AEI-68936 - Mail fetching error occurs if the server redirection is configured in server.xml.
  • AEI-68949 - CMDB API: Delete CI: The SDAdmin is unable to delete an asset that is not associated to any site.
  • AEI-67750 - A technician with permission to edit assets is not able to reconcile two assets.
  • AEI-68523 - Model doesn’t get auto populated while editing a workstation or server in professional edition.
  • AEI-68978 - Migration fails if we migrate from 9319, 9320 or 9321 to a higher build. Issue occurs while we restore data to a fresh setup before migrating.
  • AEI-69016 - Items associated to the previous vendor are not removed while editing /adding a vendor in purchase order.
  • AEI-69032 - Mail fetching error occurs if the configured keystore file name contains special characters
  • AEI-68937 - Unable to scan SNMP devices during network scan when multiple credentials are configured for it.
  • AEI-69035 - Schedule to clean up duplicated Software CIs.
  • AEI-68799 - While importing assets through CSV, additional fields’ values are displayed as null.
  • AEI-68900 - Comments in the cancelled PR’s snippet view is encrypted.
  • AEI-69094 - UK constraint Exception after migrating to 6129.
  • AEI-66285 - Search through “All Assets” creates a huge load on the server and causes it to crash.
  • AEI-69073 - Technicians (with full purchase permission/access to view all sites) are not able to view PRs created by them if PRs are associated to sites.

Features in service pack 6130 (Released on: 18 September 2017)

  • AEF-63026 : WebRemote feature helps in taking remote session of Windows machines.
    • It is fast, and does not depend on any browser plugin.
    • Since it is HTML5 browser based, remote to Windows machine can be perfomed from any OS/device.
    • This feature uses Microsoft RDP and does not require agents to be installed in the remote machine.
    • The remote sessions can be recorded and played back later.
    • The sessions recorded are captured under asset’s history and request’s notes section.
    • Limitation : Remote sessions to Windows 10 machines is not possible now and would be resolved in one of the immediate service pack as we upgrade to Jre 1.8.

Issues fixed in service pack 6130

  • AEI-67450: Reports: Vulnerability issue in viewing database schema.
  • AEI-39260,AEI-56353 : Asset : Exception while editing dynamic asset group.
  • AEI-59881 : Asset : “All Assets” filter is not displayed if “All Assets In Store” link is clicked after viewing other product type list views.
  • AEI-66424 : Asset : Not showing the depreciation details while adding a new asset or workstation in SDP Professional Edition.
  • AEI-68010 : Asset edit page stalling while trying to load unwanted js/css files.
  • AEI-51451 : Asset : The technicians having Asset View-only role can delete the attachments in asset detail page.
  • AEI-64442 : Asset : The relationship for Virtual machine and host are not showing in relationships tab while updating the server.
  • AEI-65173 : Asset : Listing all Workstation/Server inventoried without site restriction.
  • AEI-67449 : Scan : Privilege Escalation Vulnerability issue fixed while scanning.
  • AEI-59991 : Scan : Users having lower privileges than administrators can view the system log viewer after a scan failure.
  • AEI-52766 : Admin : Removed the unused option to add image under Admin–>Product comments.
  • AEI-60734 : Admin Additional fields : Cannot view a lengthier pick list item in a Pick List additional field.
  • AEI-67619 : Admin : Vulnerability issue fixed in Credential library.
  • AEI-67021 : Dashboard : Count mismatch of Purchase Orders in Asset Dashboard.
  • AEI-65713 : Purchase Order : Empty space in file names are replaced with “+” symbol while downloading as attachments.
  • AEI-63036 : Contract : Cannot open an expired software license from Contract Expiry notification mail.
  • AEI-67559 : Contract : Vulnerability issue fixed in Contract List view.
  • AEI-65115 : CMDB API : Range not working for GET_ALL CI in MSSQL build.
  • AEI-60235 : Vulnerability in Audit Reports has been fixed.
  • AEI-68393,AEI-68394,AEI-68395,AEI-68396,AEI-68397 : Vulnerabilities in asset details page and workstation list view page have been fixed.
  • AEI-68482: Unable to access scheduled activities when the application has MS SQL server as a backend database.
  • AE-66846 : Unable to delete the attached file of a software license if the file name has a “#” symbol in it.
  • AEI-66132 : Admin : Changing the Product Type name updates a Child CI Type and not the parent CI Type.
  • AEI-66804: Default profile picture is not displayed in the ‘view user details’ pop-up.

Behaviour change :

If product type name change has modified the name of a child CI Type instead of the parent CI Type, during migration the child CI Type name is reverted back to the original name and parent CI Type name is modified as the latest product type name. For eg: if product type “IP Phone” is changed as "ABC", then the child CI Type “Cisco IP phone” would have changed to "ABC". Now in this migration, “Cisco IP Phone” CI Type would be reverted back to its old name and “IP Phone” CI Type would be modified as "IP Phone’.

Features in service pack 6129 (Released on: 25 July 2017)

  • AEF-51608 : Option to sync the deleted requesters / technicians from Active Directory to AE application. Once the sync is activated, it will show you a list of deleted requesters and technicians in the active directory from which you can chose to delete the users. You can also enable automatic deletion for requesters, so that when a requester is deleted in the active directory, the requester will be deleted from the AE application as well after a sync.
  • Note: Deleted user sync from the remote server to central server will not be supported.

Issues fixed in service pack 6129

Agent

  • AEI-44820 : Issue in fetching Service Packs/Hotfix while scanning windows machines.
  • AEI-65719 : Agent remote control is not working when DC is integrated with product.
  • AEI-66893 : User account information were duplicated during script scan.
  • AEI-64178 : Fetching last 5 characters of license key when the license key is not available.

Scan

  • AEI-63971 : VMs added in exclude device list are not excluded while scanning.
  • AEI-60286 : Exclude IPs/Devices from scan does not accept any IP range that ends with 100 like x.x.x.100
  • AEI-66623 : Server can be started after migration failure
  • AEI-66226 : Serial number is not fetched while scanning Cisco IP Phones.
  • AEI-66627 : StringIndexOutOfBoundsException while scanning a Cisco IP Phone.
  • AEI-67025 : NumberFormatException while scanning a Switch.
  • AEI-66241,AEI-62091 : Unable to scan Windows 8 to Windows 10 OS machines, if Hyper-V Windows feature is enabled under Control Panel.
  • AEI-65347 : Unable to fetch correct model name for HP printers.

Software

  • AEI-58880 : Software : When the manufacturer for a software is changed from “Others” to "Microsoft", certain individual/volume licenses are moved under CAL.
  • AEI-63987 : Software : While adding a license agreement, the pick list values for custom fields are not loaded.
  • AEI-64441 : Software : Unable to delete the site when it is associated with downgrade software license.
  • AEI-66365 : Software : NullPointerException while deleting certain software licenses imported from CSV.
  • AEI-64172 : Issue in displaying “Add Manufacturer” pop up in “Add New Software” form.
  • AEI-62150 : Unable to change the software types from scanned software list.

Purchase

  • AEI-65673 : Item total cost fields are not restricted to two decimals in purchase request details page.
  • AEI-65804 : Purchase request id jumps by 300 on every restart of the application.
  • AEI-66174 : Unable to open purchase order in new tab from the PO list view.
  • AEI-66527 : The approval link in the notification mail doesn’t work for second level approvers in purchase request.
  • AEI-63126 : Approval limit of Purchase Order of an user is based on base currency instead of currency used in the PO.
  • AEI-65747 : Multiple submit clicks in “Notify the Vendor” pop up in PO results in multiple POs being placed to the vendor.
  • AEI-66200 : On receiving PO, CIs are added to wrong CI types, if the CI type has child CI types.
  • AEI-66679 : Error occurs while canceling a purchase request, if the “E-mail to purchase request’s requester and technician when request is cancelled” option is disabled under Admin --> Purchase Notification Rules.
  • AEI-60797 : “File not found” error occurs while downloading attachments in certain PO’s.

Contract

  • AEI-65883 : Unable to add a new vendor from a contract when a technician has contract full permission role alone.
  • AEI-61754 : Contract currency field displays currency in exponential form.

CMDB

  • AEI-65158 : CMDB API : Unable to add CI if CI with same name already exists under a different CI Type.
  • AEI-65779 : CMDB API : Unable to add a requester CI with login name and password
  • AEI-65787,AEI-65834 : CMDB API : Unable to provide values from 13th asset additional field while adding or updating a CI…
  • AEI-66364 : : CVE-2017-9362 : CMDB API : Vulnerability issue while adding CI has fixed.
  • AEI-65943 : Business Impacts marked as ‘Not for further usage’ are displayed in CMDB.

Admin

  • AEI-66249 : Exception on editing CIs marked as Assets.
  • AEI-58915 : Unwanted 0kb pdf files are attached in mail notifications when no audit changes are detected during Domain/Network scan.
  • AEI-64321 : Failure message displayed during “Delete credential” operation is not translated for Non-English languages.

Report

  • AEI-64303 : Report : Unable to delete the saved advance filter for custom report.
  • AEI-56494 : Report : Renewed contract are also displayed under Reports --> Contracts --> Expired Contracts.
  • AEI-65484 : Unable to view both dynamic and static views of the CI History’s data model under Reports.
  • AEI-65640,AEI-65534 : Unable to run the CI History report when database used is MSSQL.
  • AEI-66677 : “NullPointerException” occurs while generating the schedule report for CI History.

Others

  • AEI-66163, AEI-62126, AEI-62185 : Unable to add attachments for Assets and software licenses.
  • AEI-66816 : OS of Debian machines was not properly identified.
  • AEI-67252 : Scan status with troubleshooting steps displayed in details page of SNMP devices too.
  • AEI-66127 : Error while performing remote control from IE as it required administrative privileges.

Features in service pack 6128 (Released on: 22 May 2017)

  • AEF-59980 : Ability to delete/hide default CI Types and Product Types.
  • AEF-61601 : Configure security settings under Admin >> General Settings >> Security Settings.

Issue fixed in service pack 6128

  • AEI-63979, AEI-65613 : Unable to login to the application when ‘Keep me signed-in’ is enabled.
  • AEI-63928 : Site filter does not get displayed properly for a few admin technicians in Software and new Purchase Request page.
  • AEI-63919 : Unable to migrate the assetexplorer build when servicedesk build is running in same server with 8080 port.
  • AEI-64284 : Barcode column is displayed twice for while creating a new All Assets custom report.
  • AEI-42063 : Prohibited software installation is not notified for new assets identified during network or domain scan.
  • AEI-64078 : Unable to modify the technician for cost center under Admin module.
  • AEI-64196 : Deleted technicians are displayed under "Quick Create - Relationships".
  • AEI-63993 : The text “Software” under Assets tab -->Left panel is not translated for non English languages.
  • AEI-64026 : Unable to view more than 50 products that are associated to a vendor.
  • AEI-64308 : NullPointerException while trying to import Linux machine’s scanned xml.
  • AEI-61695 : Memory details shown in Workstations/servers hardware report is not matching with total memory of the device.
  • AEI-63205 : Exception is thrown if form is submitted without selecting the XLS file while importing CI relationships.
  • AEI-65159 : Ambiguous user error on importing relationships for users.
  • AEI-65498 : Unable to import contracts if date values are not provided in DATE formats supported in XLS file.
  • AEI-62968,AEI-62976,AEI-65533 : Unable to modify the Asset state from the Resources List View.
  • AEI-61679 : In asset details page, the word ‘State’ has been wrongly translated in polish language.
  • AEI-65778 : Location Field is getting reset to null on csv import under asset.
  • AEI-65773 : Unable to scan AIX machine as timeout error occurs while executing a command.
  • AEI-46136 : Error while executing valid query reports with column names containing sql keywords like update, exec, into etc.
  • AEI-66626 : Contract expiry notification mails are not getting sent.
  • AEI-62595 : Wrong scheduled reports are sent to the users if there are more number of reports scheduled at one particular time in some environments.

Behavior change in service pack 6128

  • Behavior change: While importing contracts, there won’t be any option to choose date format for date fields as before. Instead, all date formats supported by excel will be supported if the cell containing date is formatted as DATE in excel. Otherwise, default date format supported will be "dd mmm yyyy".
  • Previously while deleting a CI Type or a Product Type an error would be displayed if there are products under it and the user has to delete the assets and products under it before deleting the CI Type/Product Type. From now on if a CI Type or a Product Type is deleted the user would be displayed with the number of assets and products under it and would be prompted to proceed with deletion. If customer chooses "Yes", the assets and products would be deleted and the corresponding CI Type or Product Type would be hidden. The use can make them active whenever required.

Enhancement in service pack 6127 (Released on: 30 January 2017)

  • AEF-38562 : Option to search POs using additional fields in global search.

Issue fixed in service pack 6127

  • AEI-62152 : Wrong purchase order Id’s are listing in associated asset’s list view in contract edit/view page.
  • AEI-62547 : A site restricted technician can view other site’s VM Hosts/VM Machines in their respective list views.
  • AEI-65306 : While importing assets/workstations through CSV, exception is thrown if the owner’s login name is provided for ownership.
  • AEI-65307 : Updating an asset with ownership details fails during CSV import if the same asset is tried for import without ownership details.
  • AEI-62867 : Unable to copy workstation(s) which have a barcode value.
  • AEI-63607 : Purchase Requests’ additional fields does not get displayed in E-Mail notification template.
  • AEI-65108 : After applying the service pack, Purchase Request additional fields does not displayed in the details page.
  • AEI-65047 : Application server fails to start when the application is installed and service pack is applied with remote mysql database.
  • AEI-62587 : XSS Vulnerability issue fixed.
  • AEI-65380 : Allocated count gets mismatched in Software License details page.
  • AEI-62346 : Custom software type count does not get listed in “Software” dashboard.
  • AEI-64001 : Previously selected “Purchase Request” roles fails to reset when clicking the “Save and Add New” button.
  • AEI-39619 : Vulnerability issue fixed.
  • AEI-21276 : Printer “Serial Number” does not get displayed in Custom Reports.
  • AEI-64422 : XSS Vulnerability issue in Asset Group name.
  • AEI-64260 : Able to delete entry from Unaudited Asset list view by Technicians who have no permission to delete assets.
  • AEI-64139 : The last decimal number after the decimal point of the total cost in PO listview gets removed if the last decimal number is zero.
  • AEI-64138 : PO name containing a backlash ‘\’ displays the name excluding the ‘\’ in the PO List view, after saving the PO.
  • AEI-64087 : Only one Approver appears in the “Approved by” info of PO print preview in case of multi approver.
  • AEI-63929 : Over due PO link in Purchase Order Summary widget gets redirected to ‘All POs’ in listview.
  • AEI-63909 : ‘Invoice Received’ and ‘Payment Done’ notification for the PO does not get sent even though it shows the success message.
  • AEI-61836 , AEI-60137 : XSS Vulnerability issue with Contract fields.
  • AEI-59121 : Newly added Cost Center does not get displayed in Cost Center list view even though it is added.
  • AEI-63937 : Hard disk details are not getting populated during the scan of Linux machines.
  • AEI-39256 : For windows machine, the Ci type is shown as ‘workstation’ instead of 'Windows Workstation’.
  • AEI-63915 : Unable to scan Windows 8 to Windows 10 OS machines, when the Hyper-V feature is enabled.
  • AEI-63705 : Base element CI type is displayed under CI History report.
  • AEI-60783 : Unable to enter licence key if the character is more than 100.
  • AEI-63652 : Scanning a Host does not fetch the Servicetag and IP Address of the machine.
  • AEI-63308 : Vendor name in the workstation listview is rendered blank.
  • AEI-64310 : Reports tab loading issue for non SD-Admin users.
  • AEI-62957 : In the case of the subsequent restore of a backup file after an incomplete restore process, the application server continues the process from the latest table, restored successfully.

Enhancement in service pack 6126 (Released on: 12 January 2017)

  • AEF-63274 : Support for SNMP V3 scan has been introduced.

Issue fixed in service pack 6126

  • AEI-63443 : Buffer overflow error in agent while taking remote control.
  • AEI-63657 : More than one viewer opens up while taking remote control in IE.
  • AEI-65040 : “Certificate has been revoked” error is displayed while taking remote control.
  • AEI-63262 : Microsoft Windows Unquoted Service Path Enumeration error in agent.

Issue fixed in service pack 6125 (Released on: 17 November 2016)

  • AEI-63813 : Vulnerability issues fixed in agent.
    Note: Users are requested to upgrade to latest agent version to resolve scan issues.
  • AEI-65138 : Purchase Order Date additional fields is shown in longtodate format while exporting the PO list as HTML, PDF, XLS and CSV files.
  • AEI-65148 : UI breaks in PR details page when an approval is approved without entering any comment

Enhancement in service pack 6124 (Released on: 09 November 2016)

  • AEF-63885 : Option to view Purchase additional fields from the PO list view.

Issue fixed in service pack 6124

  • AEI-62932 : Unrestricted file size growth of the file startout.log in the product.
  • AEI-64239 : All XSS vulnerabilities are fixed in “Purchase Request” module.
  • AEI-63222 , AEI-63215 , AEI-63210 : XSS Vulnerability issues fixed.
  • AEI-64333 : jmx-console removed from the product.
  • AEI-63930 : Struts related vulnerability fixed.
  • AEI-64372 : Low privileged user can view all assets in some cases.
  • AEI-64111 : Server version discloser vulnerability.

Enhancement in service pack 6123 (Released on: 17 october 2016)

  • AEF-61158 :Enhancement in API documentation tool:
    • Grey themed UI
    • Operation search and Attribute search
    • ‘Group>>Entity>>Operation’ Hierarchy in Table of Contents
    • ‘Sample response’ output for every operation

Issue fixed in service pack 6123

  • AEI-62835 : “Installed on” column value is not proper date format when the list view under Installations tab in software details page is exported.
  • AEI-62970 : Exception while changing requester as technician in AE Remote server
  • AEI-63169 : Software licenses received from PO shows Internal ID as PO number in its details page.
  • AEI-63332 : Unable to search assets with partial name in “Add Relationships” popup.
  • AEI-63554 : The text “Contracts which have expired in the last 30 days” has been changed to “Contracts which have expired in the last 7 days” under contract summary in Home/Dashboard tab.
  • AEI-63704 : List view option not displayed under relationships tab of CIs for non-SDAdmin technicians.
  • AEI-62209 : Vulnerability in scanned XML file.
  • AEI-62734 : Exception occurs when Tabular Custom Report is generated for all Workstations and Servers.
  • AEI-63171 : In report stability settings , ‘top 50000’ has been added in all queries after the keyword 'select’. If the query contains 'distinct’, top 50000 is added between ‘select’ and 'distinct’.
  • AEI-62884 : API version tag is included in failure response of operations in API(XML format only).
  • AEI-63234 : Multiple columns get merged into one while exporting a Report as XLS file.
  • AEI-61642 : Decimal field values displayed with currency symbol in Reports.
  • AEI-63627 : Unable to generate reports when a non-string based entry is used as ‘group by column’ in stacked charts.
  • AEI-62956 : Unable to view chart in the graph view for certain Reports when maximum limit (default of 18 columns) is reached.
  • AEI-63654 : In some customer environment, AD authentication fails, when there is a delay during login.
  • AEI-64061 , AEI-64084 , AEI-63886 , AEI-63821 : Duplicate ‘New PO’ and ‘Delete’ buttons appear in the PO ListView page.
  • AEI-63997 : Unable to search Purchase Orders from global search using PO’s item name.
  • AEI-64000 , AEI-63353 : XSS vulnerability across the product have been fixed.
  • AEI-63968 : Migration fails when same approvers are configured at the same level in a PO.
  • AEI-63435 : Unable to view Purchase Order approval details page in non-login view.
  • AEI-63990 : Performance optimized during Asset scan.
  • AEI-64051 : Privilege-based access provided to delete CIs as opposed to restricted access which was granted only to the SDadmin.
  • AEI-63685 : Performance optimized in ‘Requested by’ field in new Purchase Request.
  • AEI-63539 : Software Dashboard page shows ‘Loading’ image if no Software is present.

Issue fixed in service pack 6122 (Released on: 17 August 2016)

  • AEI-63873 : Duplicate assets found when searching an asset.
  • AEI-63692 : Unable to create Purchase Order from Purchase Request when modifying the requested item name.
  • AEI-62640 : Software compliance does not get updated properly when workstations are deleted from listview.
  • AEI-63094 : CMDB API : CI Attribute’s description is not provided along with the CI Type details.
  • AEI-63580 : CMDB API : Mandatory check is provided for ‘workstation name’ while updating software CI.

Issue fixed in service pack 6121 (Released on: 05 August 2016)

  • AEI-63565 : Inability to create Purchase Order (PO) when a Purchase Request(PR) is created with more Items.
  • AEI-63684 : Inability to create PO from PR by Technicians. This is fixed and the Technicians with ‘Create PO’ role can now create PO from PR.
  • AEI-63823 : In version 6120, the PO Approver flag is disabled automatically after importing users from AD/LDAP.
  • AEI-48827 : The ‘access denied’ exception caused during the backup of physical files from file attachments, inline images etc., resulting in schedule/manual backup operation failure. This is resolved now in the following manner. We ignore the files which cannot be included and complete the backup operation. We mark the backup status as PARTIAL. The skipped files are added to the ‘skippedFiles.txt’ file and included as a part of the ‘backup .data’ file for future reference.
  • AEI-62334 : User import fails for multiple users, as Department appears along with spaces.
  • AEI-63479 : Failure while trying to upgrade to builds 6116-6120, if same barcodes with different letter cases are populated in the database.

Enhancement in service pack 6120 (Released on: 27 June 2016)

  • AEF-61191 : Option to create Purchase Request for Purchase Order has been introduced under ‘Purchase’ module.
  • AEF-62837 : To ensure stability of the application, ‘Stability Settings’ option along with recommended values has been provided under Reports >> Custom settings to set up threshold on the number of parallel Reports, maximum number of rows per Report and Report time out in minutes.

Behavior change in service pack 6120

  • Default theme has been changed from blue to grey.

Issue fixed in service pack 6120

  • AEI-51149 : Rarely used software installations report does not get generated properly.
  • AEI-58916 , AE-59427 : Unable to allocate the users to CAL license when the user name contains any umlaut characters (like ä,ö,ü).
  • AEI-59868 : Exception is thrown when ‘Managed Software’ link under Home tab of a remote server is clicked.
  • AEI-60549 : Workstation does not get listed under global left panel search, when searched under ‘Asset’ category using IP address.
  • AEI-62401 : Unable to precisely update Software license count.
  • AEI-62295 : ‘Add Attachment’ option is wrongly shown in Software details page.

Issue fixed in service pack 6119 (Released on: 01 June 2016)

  • AEI-46251, AEI-58815, AEI-21277, AEI-34788, AEI-60147 : Vulnerabilities in “Keep me signed-in” feature.
  • AEI-60086 : Active user sessions not being destroyed/invalidated after a password change.
  • AEI-62188 : CMDB API : Invalid Table alias “CI” Error while fetching CI List.
  • AEI-62448 : CMDB API : Unable to set value for “Location” field while updating workstations using CMDB API.
  • AEI-62890 : Scan : Cisco IP Phones getting uniquely identified and updated only based on it’s MAC Address and not by it’s IP Address.
  • AEI-62982 : Scan : Barcode set to empty while scanning Cisco IP Phones
  • AEI-63127 : Reports : Duplicate default report named “Virtual Host - Allowed vms Vs Installed vms” under “All Computers” after migrating to 6119.
  • AEI-60816 : Provision to mention user’s login name for ownership assignment of assets/workstations during CSV import.
  • AEI-59878 : Option to customize the generated e-mail when a purchase order is created or submitted for approval.
  • AEI-60078 : Unable to bulk delete different type of CI’s under CMDB tab --> All CI’s List-view.
  • AEI-60200 : Unable to add attachments when “E-mail the owner” or “E-mail the vendor” is performed in both purchase and contract modules.
  • AEI-60610 : Invoice and payment details added by a technician are not displayed in the purchase order when the technician who added the details is deleted.
  • AEI-61541 : Vendors are not listed in the vendor drop down when “Save and Add New” is submitted in workstation’s form.
  • AEI-61420: Decline percent and Depreciation percent values are not getting truncated after two decimal points.
  • AEI-56170: Not able to add IPV6 address in workstation/server form.
  • AEI-62891 : The barcode field gets disappeared while scanning workstation/server.
  • AEI-62445 : Unable to import scanned xml when a software’s location value is more than 100 characters.
  • AEI-62285 : Unable to import scanned xml when a software’s file version value is more than 20 characters.
  • AEI-62284 : ArrayIndexOutOfBounds Exception while importing linux scanned xml file.
  • AEI-62224 : NumberFormatException while importing mac scanned xml file.
  • AEI-62212 : The asset tag field gets disappeared while scanning Cisco IP Phones.
  • AEI-62208 : Unable to bulk add/delete software under Workstation/Server.
  • AEI-62699 : Standalone workstation audit : NullPointerException occurred while importing the scanned xml file.
  • AEI-62658 : Add New Asset Form: Wrong Purchase cost is populated while selecting the vendor.
  • AEI:62066 : Scan : Exception while scanning Windows 10 machines if the Hyper-V is enabled without any virtual machines.
  • AEI-62070 : Assign Ownership : Site select dropdown is not reset to "Not associated to Any Site", when a department that is not associated to any site is selected.

Enhancement in service pack 6118 (Released on: 05 April 2016)

  • AEF-62433: Barcode Generation for assets. An option to add assets( in bulk) by scanning the vendor barcodes or by generating and printing new barcodes, associating them with the existing assets. This is available under Assets

Issue fixed in service pack 6118

  • AEI-60792 : Vulnerability fixed under Support/Community Tab.
  • AEI-62498 : Able to perform upgrade / restore data in a parallel manner, when the server is running in https mode.
  • AEI-62522 : While importing users from Active Directory (2003 and 2008 versions), all OUs are not listed.
  • AEI-62241 : Directory traversal vulnerability.
  • AEI-61722 : Date configuration does not get copied to duplicated custom report.
  • AEI-60236 : Software summary page shows wrong count for “Expired Agreements”.
  • AEI-62043 : Global search in software list view does not show results when clicked.
  • AEI-38751 : Boolean column values are not displayed report when “MSSQL” and “PGSQL” servers are configured as back and database.
  • AEI-62577 : Blank login page after migrated to 6117.

Enhancement in service pack 6117 (Released on: 23 February 2016)

  • AEF-61614 : Ability to import CI Relationships from XLS file.
  • AEF-61045 : Language support for ‘Romanian’ in Asset Explorer.
  • AEF-25241 : Ability to add Requesters with their First name, Middle name and Last name.

Issue fixed in service pack 6117

  • AEI-56035 : Compliance calculation happens for software which are not managed.
  • AEI-60949,62074 : Suite component software installation count is not updated properly.
  • AEI-60206 : Software licenses are move to ‘Expired’ state when the associated software agreement is expired.
  • AEI-23647 : Bulk ‘Edit’ option for changing the state has been added in Asset components list view.
  • AEI-47478 : ‘Unassigned Workstations/Servers’ count gets mismatched when the ‘Count’ is clicked in Asset home page.
  • AEI-49229 : Technician’s with “Add New Product” and “Add New Vendor” role can add new products/vendors under Assets/Contract and PO tab.
  • AEI-52770 : Although address is added in multiple lines under Admin tab -->Sites ,shipping and billing address in PO details page, gets misaligned into a single line.
  • AEI-58223 : Runtime Exception is thrown when ‘Managed Software’ is clicked in “Getting Started” page.
  • AEI-59265 : Table count, Scheduled activities has been included under ‘Support’ tab.
  • AEI-59978 : Separate list view for Laptops and Desktops have been included under ‘Workstation’ list view by default.
  • AEI-61788 : I18N key is missing for ‘Total Cost of Ownership’ in Asset list view page.
  • AEI-59615,AEI-52206,AEI-58689 : The user’s name are not auto populated for “requested by field” in purchase module
  • AEI-55945 : Able to associate an asset component to an user, while using the Import CSV option
  • AEI-57891,AEI-59034 : Unable to delete service packs
  • AEI-58857 : Agent remote control settings are not populating properly from workstation list view
  • AEI-59175 : Inactive departments are shown in the department drop down field of Cost Center
  • AEI-59435 : Manually entered software license keys gets removed after scanning the workstation
  • AEI-59439 : Workstation/servers which are excluded from scan are removed from failed workstation/server list view
  • AEI-59803 : Unable to generate the report for “CMDB” module, filtered by “windows server” with servicepack column
  • AEI-60534 : The host name is getting truncated in virtual machines list view
  • AEI-60777 : Unable to run the CMDB report with Applications filter
  • AEI-61220 : Unwanted entries added in CIHistory during editing the asset
  • AEI-61434 : Unable to edit virtual machine’s name
  • AEI-61820 : Unable to get some data for Technician CIs via API
  • AEI-61667 : Not able to push scanned xml generated from a linux machine using the scan script.
  • AEI-61685: scan : Cannot scan El Capitan Mac OS machines.
  • AEI-59940: scan : Linux Prompt getting appended with the workstation name.
  • AEI-59942: scan : Cisco IP Phones getting overwritten during network scan.
  • AEI-60345: scan : Solaris : Processor details and Bios details are not fetched in SPARC solaris Servers.
  • AEI-61815 : Unable to update the site of an asset/workstation which is imported from purchase order for first time.
  • AEI-61697 : Exception while scanning Windows machine if the model of hard drive is not obtained.
  • AEI-61390 : Unable to scan a Machine through WMI, if the machine has monitor info related entries.
  • AEI-62244 : Agent : Problem while scanning Windows machines if the software name is null or empty in the registry.
  • AEI-62249 : Scan : Issue in identifying default printer while scanning Windows machines.
  • AEI-62036 : Agent : Issue in fetching manufacturer information for physical drives in Windows machines and issue in fetching multi-monitor information from windows machines.

Enhancement in service pack 6116 (Released on: 28 December 2015)

  • AEI-61987 : Jre Version Upgraded from 1.6 to 1.7.

Issue fixed in service pack 6116

  • AEI-60608 : Able to import users from AD without admin privileges.
  • AEI-60142 : XSS vulnerability in accept-language header.
  • AEI-60090 : Vulnerability in uploading scanned XML.
  • AEI-60098 : XSS vulnerability in purchase module.
  • AEI-61863 : Software summary page shows wrong count for “Managed” software type.
  • AEI-60312, AEI-60108, AEI-57847, AEI-61344 : TLSv1.2 support with default strong ciphers (Server has a weak ephemeral Diffie-Hellman public key).

Enhancement in service pack 6115 (Released on: 15 December 2015)

  • AEF-60651 : Tomcat Version Upgraded from 5 to 7.

Issues fixed in service pack 6114 (Released on: 1 October 2015)

  • AEI-34232 : Scan : Scanning multi monitor information from Windows machines.
  • AEI-59774 : Scan : Issue in fetching Manufacturer information from Hard disk.
  • AEI-60654 : Scan : Issue in fetching license key for Windows OS 8 and above.

Enhancement in service pack 6113 (Released on: 23 September 2015)

  • AEF-60160 : Asset Cost Enhancements: key cost values like operational cost, total cost of ownership, current book value are made available in asset’s list view and reports.
  • AEF-58758 : Notifications on asset warranty expiry and asset expiry to technicians can be configured under Admin tab -->Notification rules.

Issue fixed in service pack 6113

  • AEI-50240 : Ability to search the contract with Contract id, additional text fields and vendor name.
  • AEI-58800 : Duplication of users in central server when data is imported from remote AE server.
  • AEI-58902 : Issue in scanning physical drive information from HPUX machine.
  • AEI-58903 : Issue in scanning a network device, when its CI type is changed to any one of the child CI types.
  • AEI-58992 : Issue while scanning a ESX host when DNS name of the virtual machine is not resolved.
  • AEI-59144 : Time out exception while scanning AIX server.
  • AEI-60264 : Asset information gets overwritten when schedule runs at the same time in the remote servers.
  • AEI-60298 : Null pointer exception while scanning network device using SNMP when the OID returns null value.
  • AEI-60299 : When assets are updated during import from remote server ,FQDN name changes to IP.
  • AEI-60300 : Invalid XML character issue while importing remote server data.
  • AEI-60301 : Number format Exception while taking remote via third party remote tool.
  • AEI-60413 : Unable to connect “AssetExplorer Web Client” (Windows -> Start) to the AssetExplorer client.
  • AEI-56510 : Scan : Issue in fetching edition of Microsoft visual studio 2012.
  • AEI-56528 : Scan : Microsoft exchange server duplicated for a single workstation.
  • AEI-58293 : Scan : Certain unwanted software reported while scanning Windows machines.
  • AEI-58732 : Admin : Option to disable ping during scan under Admin tab --> Scan settings.
  • AEI-58908 : Migration failure if any of the workstation/server default report is deleted.
  • AEI-59641 : AD Import : User import fails due to duplicate relationship created between user and department.
  • AEI-60768 : Null pointer exception during agent installation through GPO.
  • AEI-60297 : Unhandled errors and exceptions are fixed.
  • AEI-60283, AEI-60280 : Vulnerability in Bypassed authentication.

Issues fixed in service pack 6112 (Released on: 27 April 2015)

  • AEI-59453 : Asset : XSS vulnerability attack when adding/updating asset details.

Issues fixed in service pack 6111 (Released on: 9 April 2015)

  • AEI-58924 : Software : Software compliance calculation is not accurate if the concerned table gets locked during schedule scan.
  • AEI-58863 : Scan : When the notification query is blocked during schedule scan, subsequent schedule scan is not triggered.

Enhancement in service pack 6110 (Released on: 11 March 2015)

  • AEF-45817 : Support for canceling purchase orders

Issues fixed in service pack 6110

  • AEI-58683 : Scan : If a VMWare Host scan or Network Device scan gets failed, those devices were scanned using the default Cisco Phone credentials.
  • AEI-58822 : Unable to download HP-UX scan script from Stand alone workstation audit section.
  • AEI-58881 : Scan : Exception during Solaris machine scan while parsing BIOS information.
  • AEI-58898 : Scan : Ubuntu OS name not detected in Linux script scan.
  • AEI-58655 : Stand alone workstation audit : Wrong help content for using HP-UX script scan.

Issues fixed in service pack 6109 (Released on: 2 February 2015)

  • AEI-55589 : Issue in displaying custom report widgets under home tab.
  • AEI-57404 : Products and Product Types are not in alphabetical order in their respective select box in New and Edit Purchase Order Page.
  • AEI-57466 : Total count is incorrect during navigation in failed scan workstation list view.
  • AEI-57702 : Close button issue is resolved in connection relationship pop up screen when the technician logged in does not have permission for CMDB.
  • AEI-58240 : Login issue due to 256 bit encryption while scanning Linux machines.
  • AEI-58262 : Problem while importing remote server data when citype name is renamed in central server.
  • AEI-58264 : Option to update software license product even if the association between software and product is removed.
  • AEI-58269 : Issue in scanning printers if null character is returned for OID for location.
  • AEI-58271 : Issue in scanning switches if default CI attributes are deleted.
  • AEI-58467 : SNMP Version 2 support for fetching sysOid from the network devices.
  • AEI-50702 : Unable to ping IPV6 enabled workstation.
  • AEI-55256 : Issue in fetching correct version of IE10 and above during scan.
  • AEI-55458 : Audit notification content is empty, if there is no hardware changes detected during scan.
  • AEI-55687 : Unable to start AE server from desktop icon and start-up menu option in windows 8.
  • AEI-56560 : Unable to take remote connection to a windows 8 machine,when prompt users option is enabled.
  • AEI-58181 : During scan, the edition of MS SQL Server R2 software is not fetched.
  • AEI-58225 : OPENSSL is upgraded to the latest version.
  • AEI-58418 : VMs are listed multiple times in VM list view.
  • AEI-58424 : In network scan, the progress bar shows the completion status as more than 100 % completed at times.
  • AEI-58468 : Migration failure due to unwanted ci relationships created between VM hosts and VMs.

Issues fixed in service pack 6108 (Released on: 12 January 2015)

  • AEI-58703 : File Attachments vulnerability issue while adding a file has been fixed.

Enhancement in service pack 6107 (Released on: 17 November 2014)

  • AEF-55084 : Scan : Support for scanning Hyper-V machines.
  • AEF-56866 : Scan : Identifying servers during scan.
  • AEF-56867: Asset : New view for VM hosts and VMs in left panel under Assets tab.

Issues fixed in service pack 6107

  • AEI-57430 : Scan : Vulnerability issue has been fixed.

Enhancement in service pack 6106 (Released on: 13 October 2014)

  • AEF-57095 : Scan : Support for scanning Cisco IP Phones

Issues fixed in service pack 6106

  • AE-57142 : Scan : Service tag not fetched for AIX machines.
  • AE-56206 : Scan : Software not fetched in SUSE Linux Enterprise server 10.
  • AE-56823 : Scan : Cannot scan VMWare machines using special characters ($,&) in their credentials
  • AE-57435 : Scan : sudo su - command is executing for all non-linux machines (solaris).
  • AE-57389 : Scan : Exception while scanning ESX machines if the relationship between Host machine and Virtual machine already created manually.
  • AE-57424 : Scan : Null Pointer Exception during scan if entry is added in exclude IP Address settings.
  • AE-57295 : Scan : Software are duplicated if backslash is at the end of the software name.
  • AE-57624 : Scan : VMWare machines get duplicated (new machines with_old being created) while scanning ESX host machines.
  • AE-57296 : Scan : While scanning network devices, preference is given to DNS name of devices instead of sysName obtained through SNMP while scanning.
  • AE-57338 : CMDB API : Unable to update Support group via CMDB API.
  • AE-57293 : Asset : Drive usage information is displayed wrong in workstation hardware details page.
  • AE-43938 : Asset : Ability to add new product and vendor by technicians with “Adding New Product” and “Adding New Vendor” roles in add new Workstation/asset form apart from just PO form.
  • AE-57133 : Asset CSV Import : Cannot add a server with value for “Is Virtual” as false.
  • AE-57222 : Asset : Depreciation percentage value in workstation details page is not truncated after two decimal points.
  • AE-57743 : Agent : Timeout value for agent scanning and remote desktop have been made configurable in the database.
  • AE-45037 : Asset CSV Import : IP Address field is not available while importing IT Assets.
  • AE-57305 : Contracts : Need to show the custom contract id in contract notification template instead of contract id.
  • AE-57323 : Contract : While editing a contract invalid e-mail address is thrown if there is no mail-ids configured.
  • AE-57297 : PO : Unable to receive items from Purchase Order when the user does not have role to create PO.
  • AE-57294 : Remote Server : Null Pointer Exception while importing user data from the remote server when the user has login credentials only in remote server.

Enhancement in service pack 6105 (Released on: 7th August 2014)

  • AEF-56520 : Software : Support to export the software and licenses list view data as PDF/XLS/HTML/CSV.

Issues fixed in service pack 6105

  • AE-57077 : Software : Unable to view the attachment files when adding attachments to more than a month old agreement.
  • AE-56524 : Software : Status of the associated software licenses is not changed when changing the agreement’s status
  • AE-57200 : Software : After marking the software license status as "Expired", the associated downgrade license status is not changed as "Expired".
  • AE-57128 : Software : Showing number value for date column in summary report when editing the report immediately.
  • AE-47200 : LDAP Import : OperationNotSupportedException while importing users from LDAP server.

Features in service pack 6104 (Released on: 21st July 2014)

  • AEF- 55999 : Option to configure IP/name of devices which have to be excluded from scan. These devices can be configured under Admin tab --> Scan settings.

Issues Fixed in service pack

  • AEI- 54748 : Scan : Null Pointer Exception while scanning a VMWare host after moving a virtual machine from one host to another host.
  • AEI- 56824 : Scan : Exception while inserting special character in sysDescr during SNMP Scan.
  • AEI-55858 : Scan : Last logged in user name is not identified correctly in certain versions of Mac machines.
  • AEI-55878 : Scan : Issue in identifying model in non global zone solaris machines.
  • AEI-55413 : Scan : Exception while clicking on the machine name in the page which is loaded first time after starting the server.
  • AEI-56825 : Scan : wget is used for pushing the inventory xml to the SDP/AE server when the scan script is executed in a Linux machine if curl command is not available.
  • AEI- 55764 : Distributed Asset Scan : Importing assets in the central server halts even if a single machine fails during import.
  • AEI-56871 : Distributed Asset Scan : Exception while importing remote data if invalid XML character is present in the inventory data.
  • AEI- 55267 : PO : PO closure notification is not triggered when a PO is closed.
  • AEI-56264 : PO : Problem in displaying the PO details page if the currency exchange rate is configured as 0.0.
  • AEI-56479 : PO : In PO list view, the header “Created date” is shown as "Date Ordered".
  • AEI- 56073 : PO : Purchase Order additional fields are not displayed in PO print preview.
  • AEI-56429 : Contracts : Java script error is thrown while adding more than two notify before dates while renewing contract.
  • AEI-57080 : Performance : Unwanted select queries have been removed during audit history clean up and deleting workstations.
  • AEI-56613 : JRE Upgrade : Upgrading JRE to 1.6 version in Linux binaries.
  • AEI-56020 : Asset Ownership : While associating an asset to a component, ownership details of the asset (user and department) are not carried over to the component.
  • AEI-56564 : Scan Summary : The count shown under scan summary in Assets tab does not match with the count in list view loaded upon clicking these links.
  • AEI-49317 : Asset Status : Disposed and Expired state workstations/servers are not included in the Unassigned Workstation/Server list views.
  • AEI-56952 : CMDB : Cancel button not working in add new CI form in Arabic language.

Enhancement in service pack 6103 (Released on: 26th June 2014)

  • AEF-55868 : Report : “Asset State” and “Expiry Date” filters added in Summary report section.

Issues Fixed in Service Pack

  • AE-56615 : Software : Software version column is not available in installation list view in software details page.
  • AE-56037 : Software : License name is missing in software license list view after upgrading to AE 6100 build.
  • AE-56893 : Software : Unable to import the software licenses via CSV when their license key values are empty.
  • AE-56496 : Software : Allocated and available column details are not shown in software license listview for CAL.
  • AE-56478 : Report : Unable to generate the tabular report when choosing “Is Laptop” column in report.

Issues Fixed in Service Pack 6101 (Released on: 17th February 2014)

  • AE-55604 : Vendor : While updating currency for a vendor, currency value gets updated for all vendors with the same currency.
  • AE-55630 : API : API help documentation is not sync with the online documentation.

Enhancements in Service Pack 6100 (Released on 5th February 2014)

Software License Management

  • Support for upgrade and downgrade license
  • Support for suite software, especially this feature will be helpful for Microsoft and Adobe suite products
  • Detecting suite software installations automatically based on rule
  • Ability to purchase upgrade licenses from Purchase Order
  • Site based software compliance
  • Customizable report for software
  • New enhanced UI is introduced in software details and list view page

Features in Service Pack 6100

CMDB API

REST API for CMDB Module : API for performing add, update, read and delete CIs, relationships between CIs and creating CI Types.

Multi currency support in Purchase Order

Multi-currency support in purchase order for procuring assets/services from different vendors who deal with different currencies

Issues fixed in Service Pack 6100

  • AE-51049 : PO : If the PO is approved, clicking on the link provided in approval notification mail leads to a page which displays "You cannot approve this PO".
  • AE-51440 : PO : Unable to send PO approval notifications if the description contains $ symbol.
  • AE-52763 : PO : PO approval in non-login mode doesn’t work if $ symbol is present in the comments.
  • AE-47944 : PO : “Associated software” menu in PO details page is not working when PO is in closed state.
  • AE-46041 : PO : Loading products list is too slow in create new PO page if the number of products is huge.
  • AE-51932 : PO : XSS vulnerability issue while submitting the PO for approval.
  • AE-45490 : Contracts : In add new contract page, invalid E-Mailid is getting saved for “Users to be Notified” field.
  • AE-49436 : Contracts : Contract which is already renewed is being allowed to renew once again.
  • AE-41384 : Assets : Workstation Advanced filter : RAM (in MB) filter is not working.
  • AE-46814 : Assets : Workstation Advanced filter : Model name filter is not working in Internet Explorer.
  • AE-52188 : Assets : Arithmetic Exception while viewing printer details page.
  • AE-49753 : Assets : Exception while performing “Save and Add New” from create new server page.
  • AE-50265 : Assets : Assets by region graph is not showing correct data.
  • AE-50405 : Scan : Proper error message is not displayed if duplicate Service Tags are added under Admin --> Scan settings --> Invalid service tag list.
  • AE-48168 : Scan : Software not scanned in Japanese Ubuntu linux machines.
  • AE-50843 : Scan : Memory leak issue during Agent scan.
  • AE-50565 : Scan : ArrayIndexOutOfBounds exception occurred while scanning a linux machine if the linux machine is not configured under any domain.
  • AE-51209 : Scan : Usability issue in displaying BIOS version in the workstation hardware details page.
  • AE-52095 : Scan : Solaris scan : Total memory displayed with wrong information.
  • AE-52096 : Scan : Sudo support is enhanced using “sudo su -” command for all unix based scanning.
  • AE-51197 : Updating the company details in Admin is updated in the generated report.
  • AE-53352 : Reports : Cannot generate the Audit history report after restoring pgsql data.
  • AE-50404 : Remote Server : Cannot push data to central server due to invalid xml characters in printer details.
  • AE-51403 : Remote Control: Dameware remote control showing $DOMAINNAME instead of the Domain value.

ManageEngine AssetExplorer 6.0****New Features 6000 (Released on: 27 August, 2013)

  • AE-50501 : Option to configure multiple credentials for each subnet in Network scan. If a subnet has Windows, Unix, VMWare and Network devices, different credentials can be configured based on the protocol (WMI, Telnet/SSH, SNMP V1/V2 & VMWare) used for scanning. These credentials are stored in a central credential library and can be associated to Network scan, individual machine scan and remote control.
  • AE-51483 : All Network devices with SNMP enabled can be scanned for inventory.
  • AE-49373 : Database passwords stored in the db-configuration files after encryption.

Issues Fixed:

  • AE-38820 : PO: Email-ID of the vendor is not populated by default in “Order this PO” form.
  • AE-51049 : PO: While approving a PO in non-login view, “You cannot approve this PO” error is thrown at times.
  • AE-51066 : PO : When a PO is edited, the PO’s status is changed to “Pending Approval” but PO approval status is not changed.
  • AE-51062 : Agent : Problem while performing remote control due to wrong DNS cache being retained in the server.
  • AE-46524 : Agent : Unable to take Windows backup if AssetExplorer agent is installed.
  • AE-49439 : Agent : Uninstalling the agent from a Windows workstation would remove the agent software entry for all workstations in AssetExplorer.
  • AE-48805 : Agent : If agents are deployed using GPO, agents are downloaded to workstations even if same version of the agent is installed.
  • AE-46323 : Scan : Value in “Description” field is removed after rescanning servers or workstations.
  • AE-30393 : Scan : Service packs are not detected while scanning Windows Vista machines.
  • AE-44569 : Scan : Unable to scan a linux workstation from linux server installation.
  • AE-47252 : Scan : IPV6 address is not shown properly in the workstation details page during scanned xml import.
  • AE-29711 : Scan : AIX machines getting added with name as 127.0.0.1
  • AE-51419 : Scan : Fetching Oracle installation details for linux machines during scan.
  • AE-48679 : Agent : Issue in starting the agent service when scan at boot is set to true while installing the agent.
  • AE-50917 : Scan : CentOS machines are detected as Redhat machines.

ManageEngine AssetExplorer 5.6****Issues Fixed in 5618

  • AE-50809 : The certificates used to signing the add-ons of Remote Control are expired.
  • AE-50768 : Unnecessary Shortcut created in desktop while taking Remote Control of a machine using agent.

Issues Fixed in 5617

  • AE-47514 : Distributed scanning : Error while pushing data to central server due to invalid character in Software name.
  • AE-47691 : CSV Import : Service tag check is not case insensitive while merging workstations.
  • AE-47916 : Distributed scanning : Error while pushing data to central server due to invalid character in Software version.
  • AE-47917 : The timeout for agent requests has been increased to 120 seconds.
  • AE-48241 : Query optimized for performance issues reported on clicking the list view option in relationships tab of CIs.
  • AE-48587 : Timeout support added for scanning VMWare machines.
  • AE-48790 : Exception while re-scanning and updating ESX host machines if the device was identified as a workstation during initial discovery.
  • AE-48372 : NullPointerException while parsing serial number for VMWare machines.
  • AE-48804 : Audit history cleanup schedule not working for huge data.
  • AE-48110 : Cannot scan Japanese workstations with Ubuntu Operating system.
  • AE-48865 : NumberFormatException while parsing printer memory details.
  • AE-48791 : Query optimized for performance issue reported on viewing the failed workstation list view.

Enhancements:

  • AE-48839 : Support for mentioning contract types,creating child contracts and enhancements in contract renewal.

Issues Fixed in 5616

  • AE-48610 : The default report ‘Software by manufacturer’ does not work if the database is postgres.
  • AE-48605 : The default report ‘Rarely used software installations’ does not work if the database is postgres.
  • AE-48591 : Unable to restore the linux postgres backup data into windows server.

» ReadMe for Build 5615

Enhancements:

  • AE-48607 : PostgreSQL database support is added.

» ReadMe for Build 5614

Issues Fixed:

  • AE-46841 : Option to turn off processing scanned xmls submitted through http from remote machines.
  • AE-48114 : Cross-site scripting vulnerability identified in parsing scanned xmls has been fixed.

» ReadMe for Build 5613

(Released on: 02 November, 2012)

Enhancements:

  • AE-47798 : Support for approving Purchase Orders by multi-level approvers.

Issues Fixed:

  • AE-46643 : Deleted users are listed in All Cis list view
  • AE-46811 : Global search filter’s default text is not cleared while clicking in the search field.
  • AE-47205 : Servers cannot searched in global Workstation/Server search, now a new filter for server search is available.
  • AE-47431 : Cannot add attachments to contracts after upgraded to AssetExplorer 5611
  • AE-47204 : Linux scan script contains invalid path for bash location.
  • AE-47406 : License agreement’s attachment functionality is not working properly.
  • AE-47513 : SocketException while trying to scan a solaris machine.
  • AE-47588 : No alert message while reconciling two workstations received by PO.
  • AE-47641 : Contract xls import adding ‘From date’ greater than ‘To date’ field.
  • AE-47688 : Complete Asset scan history gets deleted when schedule audit history cleanup enabled.
  • AE-47524 : Error while reconciling workstations from workstation’s list view.

» ReadMe for Build 5612

(Released on: 15 October, 2012)

Features Added:

  • AE-47522 : Ability to imports contracts from excel.
  • AE-47605 : Ability to localize or modify the names of CI Types, Product Types and Relationship Types

» ReadMe for Build 5611

(Released on: 29 August, 2012)

Features Added:

  • AE-46613 : Service tags can be imported while receiving workstations/servers in Purchase Order
  • AE-46784 : Apart from SDAmin,non-admin technicians can also create query report by enabling fine grained authorization check “Create Query Report” while adding or editing a role.
  • AE-31535 : Ability to perform remote control using other tools like Windows Remote Desktop, VNC, Team Planner, DameWare etc

Issues Fixed:

  • AE-41383 : Cannot delete workstations with huge audit history.
  • AE-45818 : Technicians with Asset full role with Scan Now option enabled cannot do a “New scan” in workstation listview.
  • AE-46528 : Cannot fetch OS name and hardware details in Solaris machine due to non-bash shells.
  • AE-46543 : Software not fetched during importing of japanese linux scanned xml.
  • AE-46615 : Hardware details not fetched during importing of linux scanned xml.
  • AE-46624 : More threads waiting for getting printer’s server name during bulk scanned xml import
  • AE-44910 : Software ci gets deleted from list view, while removing any of its relationships.
  • AE-46730 : When scanning a VM, its relationship with VMHost is lost.
  • AE-46736 : Problem with scanning linux machine if the output for uname -s returns in 2 lines
  • AE-46739 : While scanning a linux machine, if the port 9090 is open, trying to scan via agent and stopped instead of proceeding to linux scan
  • AE-46313 :Installed column becomes zero after applying licenses in Software details page.
  • AE-44051 : Date format is not personalized in Purchase Order non-login page.
  • AE-45922 : Inventory data will be lost while moving from workstation product to server product.
  • AE-46344 : Purchase Order attachment not accessible in non-login page.
  • AE-46346 : The message displayed after approving or rejecting a Purchase order has been modified.
  • AE-46709 : While scanning ESX Virtual Machine, VM’s alias name is fetched instead of VM host name.
  • AE-46755 : Audit reports are not site based.
  • AE-46904 : Worskstation name changed to ipaddress during scheduled scan.

» ReadMe for Build 5610

(Released on: 11 June, 2012)

Issues Fixed:

  • AE-46185 : Model of the HP printers not detected during scan.
  • AE-46179 : Local credentials provided for certain devices gets overwritten with domain/network credentials if domain scan or network scan is performed.
  • AE-46165 : Error while viewing the asset details page if AssetExplorer is installed in Spanish OS server.
  • AE-46183 : Time out error while scanning Solaris machines.

» ReadMe for Build 5609

(Released on: 21 May, 2012)

Issues Fixed:

  • AE-45840 : Vulnerability in agent based scanning.
  • AE-45838 : Unable to view the purchase order which has the attachments after applying the service pack.
  • AE-45711 : Unable to change the product type from one consumable type to another consumable type in product page.
  • AE-45532 : Major/Minor version association is got removed after updating the product details in admin page
  • AE-45174 : Unable to apply the license file in linux installation.
  • AE-43388 : Installed count showing ‘0’ value for CAL in license listview.
  • AE-42755 : Asset product is changed to ‘Unknown Device’ while changing the asset’s product type to another type.
  • AE-36695 : When a software version update occurs, the license is deallocated.
  • AE-45837 : Unable to import assets from CSV file if the asset’s department is present in more than one site.
  • AE-44155 : Product type is not deleted after deleting the CI Type.

» ReadMe for Build 5608

(Released on: 25 April, 2012)

Issues Fixed:

  • AE-45733 : Unable to apply ‘Service Pack’ from linux installation.
  • AE-45734 : Unable to start the server after restoring the backup data.

» ReadMe for Build 5607

(Released on: 23 April, 2012)

Enhancements:

  • AEF-43454 : Provision to map configured user additional fields to fields in Active Directory while performing user’s import.
  • AEF-43585 : Ability to schedule user’s import from CSV.
  • AEF-43587 : Support for columns serial number, location, asset tag, acquisition date, expiry date and warranty expiry date in workstation and asset list views.
  • AEF-44175 : Frequently asked query reports provided under reports section for both MySQL/MSSQL databases.

Issues Fixed:

  • AE-43837 : Software not detected in certain latest versions of Mac machines.
  • AE-42518 : CMDB reports got corrupted when a CI Type was moved from IT to Non-IT.
  • AE-42795 : Reports exported to Excel format can handle more than 65000 rows.
  • AE-43275 : User’s site information get removed when importing users from remote server to central server.
  • AE-43292 : While creating new attributes for a CI Type, only the last attribute added is displayed in the list view of the CIType.
  • AE-39525 : Contract expiry notifications delayed by a day from the value specified in "Notify before days".

» ReadMe for Build 5606

(Released on: 11 January, 2012)

Issues Fixed:

  • AE-41346 : Exception while editing a workstation by technicians with full control of Asset Module (without SDAdmin role).
  • AE-39389 : Technicians with full control of Asset Module (without SDAdmin and CMDB role) cannot import assets from CSV file.
  • AE-41793 : CSV import failed for certain workstations if the model field in the CSV import was case sensitive.
  • AE-39999 : Scan getting failed when the software manufacturer name having more than 150 characters.
  • AE-43119 : License keys are not detected in case of scanning through agent.
  • AE-39095 : Unable to delete workstations which had huge date of audit history.
  • AE-40398 : Cannot import remote server data into central server if the data had some special characters.
  • AE-41822 : LDAP import getting failed in case of Novel eDirectory.
  • AE-42821 : While scanning VMHosts, relationships between VMHosts and VMs were not established if the VMs were scanned even before the VMHost was scanned.

» ReadMe for Build 5605

(Released on: 17 November, 2011)

Issues Fixed:

  • AE-41966 : Workstations getting overwritten based on machine name instead of service tag in WMI scanning.
  • AE-41967 : Entries from the table DynamicTables getting removed while restoring the backup data.

» ReadMe for Build 5604

(Released on: 02 November, 2011)

Enhancements:

  • AE-40751 : Scanning inventory for VMWare host machines (Supports ESX/ESXi 3.5 to 4.1).
  • AE-41214 : Option to configure email ids to notified apart from choosing technicians for contract expiry notification.
  • AE-41213 : Option to send multiple expiry notifications for a contract.
  • AE-41212 : Option provided to additional comments while changing the state of assets or assigning it to a user/department.
  • AE-40395 : Scan script for Mac machines.
  • AE -39145 : Fetching user accounts from Windows machines during scan.
  • AE-40327 : Default report to find assets depreciated by 50% or below.

Issues Fixed:

  • AE-41363 : System type(32 bit/64 bit) details not shown for windows XP/2003.
  • AE-41159 : Microsoft office license key not fetched in agent based scanning.
  • AE-40850 : Importing CSV file by having workstation UDF fields without asset UDF fields causes error.
  • AE-40749 : Remote Control not working in Firefox 5.0
  • AE-40722 : Exception throws on home page, if a product type is named as “Others”
  • AE-40537 : When UAC is enabled in Windows Vista and later OS, viewer hangs during remote control.
  • AE-40393 : Showing last logged in user in Mac machines.
  • AE-40392 : Showing last logged in user in linux machines.
  • AE-40302 : Contract notification is not sent, if a technician with invalid email id is chosen.
  • AE-40157 : While adding description with new line characters in the workstation"s add cost popup, details are shown in a single line.
  • AE-40124 : Workstation filter is not reset to “All” after searching in Workstation list view.
  • AE-39908 : Site restricted technicians are not able to view query based report.
  • AE-41154 : While performing auto assign workstation, option to configure "Retain users site as assets site".

» ReadMe for Build 5603

(Released on: 22 August, 2011)

Enhancements:

  • AEF-39502: Asset Depreciation - The depreciation costs of all the assets can be calculated by choosing the appropriate depreciation method either at the product level or asset level.
  • AEF-38896: Public key authentication support for scanning linux machines
  • AEF-40001: Support for scanning the linux machines using shell script. The script can be used for scanning linux machines not in network or to push inventory data from the remote machines to the server.
  • AEF-39816: RAM frequency details fetched during scan.
  • AEF-39816: Date fields in all the forms can be edited manually without choosing the calender.

Issues Fixed:

  • AE-39870: Some unwanted IPs are getting added when scan is triggered by enabling "Check for newly added workstations".
  • AE-39501: Shipping and billing address with more than 30 characters cannot be added in PO.
  • AE-39787: Not more than 10 characters can be provided in the first field of add new vendor form.
  • AE-39872: Workstations CSV import failed if the harddisk capacity was provided without harddisk serial number.
  • AE-40003: In the components list view, not able to find the users who owned the components.

» ReadMe for Build 5602

(Released on: 15 July, 2011)

Enhancements:

  • AEF-38867: Support for sending notification to user(s) upon installation of prohibited software.
  • AEF-39408: Support to identify workstations with duplicate ‘Service Tag’ and ‘MAC Address’ from Admin tab --> General Settings.
  • AEF-38868: Support to enable or disable the scan option while creating/editing a role.

Issues Fixed:

  • AE-38969: Unable to push the remote server data to central server when no site is specified in 'Central Server Configuration' page.
  • AE-39449: Slow response while searching the workstation/server from global search.
  • AE-39277: Showing all the deleted people list while adding 'Used by' relationship in asset’s add relationship page.
  • AE-38844: Certain software not detected on 64 bit machines.

» ReadMe for Build 5601

(Released on: 18th June, 2011)

Enhancements:

  • AEF-39000: Option to add attachments in Purchase Order without editing it.
  • AEF-38692: I18N support for CI and relationship attributes.
  • AEF-38115: While scanning MS SQL Server software from the machines, the edition of the software is also fetched.

Issues Fixed:

  • AE-38855: Domain name getting duplicated in the domain list view during scan.
  • AE-38734: Assign Owner popup is not closed in firefox when the action is performed from list views.
  • AE-38704: A server under Application Server CIType with OS as Microsoft Windows would be moved under Windows Server CIType upon editing it.
  • AE-38705: A parent CIType and its childs with CIs in it and which are not assets (i.e “Track as assets” is disabled).If the parent CIType is now moved under an asset CI Type (for eg:Server), the mapping to Server is not established appropriately.
  • AE-38659: While performing an AD users import login name is populated in place of display name.
  • AE-38887: While performing a scheduled AD import of users, the checkbox status for “Move associated assets” is not retained.
  • AE-38870: Agent failed to start in certain machines due to dll corruption and agent version upgraded to 1.0.6.

» ReadMe for Build 5600

Enhancements in CMDB Module:

  • With this release all assets,people (users and technicians), documents, IT and Business Service etc are tracked as configuration items (CIs).
  • All CIs are categorized under CI Types and each CI Type can have different set of attributes and relationships.
  • CI Types can be configured in an hierarchical structure and a child CI Type would inherit the attributes and relationships of the parent CI Type.
  • Unlike the previous version, any type of relationship can be configured between two CIs.
  • CIs are identified during scan, AD import and categorized under appropriate CI Types. CIs can also be imported from CSV files.
  • Enhanced CI relationship map which allows viewing the relationships to N levels. The relationships of a node are displayed upon clicking it.

Issues Fixed:

  • Agent failed to start when UAC is enabled in Windows Vista.
  • Showing command prompt during agent install/upgrade/uninstall has been removed.
  • Agent status is not updated to the server if agent is uninstalled manually.
  • The manufacturer of a software can be edited from the software details page.
  • StackOverFlow error and OutOfMemory error during reconcile of workstations.
  • OU population takes a long time during users import from Active directory and domain scan when the OUs is high.
  • Microsoft Office license keys not fetched in Windows7 64 bit machines.
  • While importing users from Active directory if the department for the user is changed, corresponding change was not reflected in the assets owned by the user if “Move associated assets” was not checked during import.

» ReadMe for Build 5504

Issues Fixed:

  • Agent failed to start in certain machines due to dll corruption.
  • Blank page during login in free version of AssetExplorer.

» ReadMe for Build 5503

Issues Fixed:

  • Software is not detected during scan in Debian machines.
  • Internet Explorer is not detected while scanning windows vista machines.
  • All IpAddresses are not detected while scanning linux machines.
  • Remote server data is not imported into the central server if the users email id is empty.
  • Asset additional fields not shown in the workstation list view.
  • Print preview provided for non it assets.
  • RemoteControl failed for vista and later operating systems when prompt for getting user’s permission is configured.
  • Installation count is not displayed correctly in software details page if major-minor version grouping is configured for a software.
  • Copy and paste (Ctlr+c and Ctlr+v) does not work during remote control.

» ReadMe for Build 5502

Issues Fixed:

  • Site association is removed for asset(s) in “In Store” state after a Domain/Network scan is performed without choosing a site.
  • Unable to approve the PO if the approver name contains a single quote.|
  • Unable to edit the PO created date.
  • UI alignment is not proper in License Agreement details page.
  • User, department ,site and region details included in agent related list views.
  • Last logged user field changes from a user name to blank after a scan, if scan is performed using script as logon script or through agent with “Scan of system startup” enabled.
  • Some of the software titles are displayed with ####AND#### instead of ‘&’ after script or agent scan.
  • Software version is not updated properly during rediscovery of workstations/servers.
  • Similar to agent based scan, WMI scan will fetch software installed by all users from Windows machines.
  • If an asset in moved to “In Store” state, the association of components with the asset will not be removed.

» ReadMe for Build 5501

Issues Fixed:

  • Hard disk and Memory Module information is not fetched while scanning Solaris machines.
  • Memory details are not fetched while scanning Mac machines.
  • Problem while scanning AIX machines when OS version is fetched.
  • Change credentials not happening from device details page for network devices.
  • Organization logo is displayed in PO even after disabling it under Admin tab -->Company details.
  • Unable to search for server(s) from the global search.
  • Domain information is lost after changing a user to technician.
  • Problem while searching for resources from the global search in non-English version.
  • 'Order this PO' link not displayed for the PO owner.
  • Vendor’s Email ID is not displayed in purchase order form.
  • Site is not populating automatically after choosing user/department in “Assign Owner” screen.
  • Unable to connect and push data to central server using 'Local Authentication' from remote server in case of distributed asset scanning.
  • Software reports showing improper purchased and installation counts under certain conditions.
  • 'Server with less than 10% free space' report is not working with MS SQL database server.
  • PO Overdue notification is not sent later if application is not running when the notification action has been scheduled.

» ReadMe for Build 5500

Features Added:

  • Agent based scanning for windows workstations and servers.
  • Support for fetching inventory from AIX machines.
  • Support for scanning 64bit software.
  • Support for multiple languages apart from English.
  • PO work flow has been enhanced to include four new states : Ordered, Items Received, Invoice Received and Payment Done with support for adding invoice and payment details.
  • Multi Approval : Provision to configure multiple approver’s for a PO.
  • Ceiling limit for PO approver : Provision to restrict an approver to approve a PO based on the total cost of the PO.
  • Support for configuring different tax rates for items in single PO.
  • Consumables : Items that are of type consumable would not be added as individual asset while they are received from PO.
  • Reconcile assets : Provision to reconcile assets created by receiving items from PO and assets added during scan.
  • Support for different license types like OEM, concurrent, enterprise - subscription, enterprise - perpetual, free, named user, node locked, trial apart from the existing CAL,volume, individual. License types for Microsoft,Adobe and Symantec are configured by default.
  • Support for configuring custom license types.
  • Support for license agreements and notifications on license expiry.
  • Importing software licenses from CSV.
  • During bulk allocation of licenses, licenses would be allocated to corresponding machines based on the license key fetched during scan and license key of the licenses.
  • Auto sync of Distributed data - The inventory data scanned in the remote AE servers would be pushed automatically to the central AE server. This would be a periodic process and any change in inventory data in the remote server would be synchronized with the central server.
  • Remote Control settings : Remote control to a machine would prompt for user’s permission by default to access the machine. Machines for which the prompt is not required (for eg: Servers) can be configured from the workstation/server list views.

Other Enhancements:

  • Problem in scanning dual processors in a machine has been fixed.
  • Manually added software to workstation would be retained even after subsequent scans. Previously, those software would be removed during subsequent scans.
  • Site restriction on asset removed : Previously asset’s site is determined by the site in which the user of the asset is. Now asset can be associated to a site other than its user’s site.
  • Provision to add invalid servicetag list and OIDs for network devices from UI.

» ReadMe for Build 5103

Issues Fixed:

  • Problem while importing the standalone audit scan information through xml when the software name is not available.
  • In custom reports filter, vendor details were also displayed when site was chosen.
  • The software ‘Microsoft Security client’ was not detected in scan.
  • The changes in product name of servers was not updated during re-discovery.
  • Problem while scanning solaris zone machines.
  • Certain workstations getting overwritten due to same machine name even though servicetag is different.

» ReadMe for Build 5102

Issues Fixed:

  • Duplicate department error while importing users from the Active Directory / CSV file when the department with the same name is already marked as deleted.
  • New column(s) added in Custom report under module Workstation/Resources.
    • Bar code
    • Last logged user
    • Workstation type (Desktop/Laptop)
    • Lease start date
    • Lease end date
  • Unable to remove the product even if the product is not associated to any asset(s).
  • ‘Order By’ functionality in reports section is not working properly with MSSQL database.
  • Junk values in MAC Address if the machines are scanned using scan script.
  • Scanned information(s) is not updated properly in database if scanning of a machine takes more than 5 minutes.
  • While doing individual workstation scan or network scan, it’s updating the scanned data to the another machine.
  • Incorrect BIOS date in harware details page for Linux machines.
  • Showing different history information while doing scan using ‘Scan now’ option and scan script.
  • Selected OU’s structure is not maintained during subsequent scans.
  • Junk values in monitor serial number while doing domain scan.
  • Error while scanning linux machines (One of the mandatory field value is set as NULL).
  • Unable to change the user’s department if user is owner for an asset.
  • Not able to save the location details in asset page without giving site information.
  • Multi processor information is not fetched in Linux machine.
  • Error while scanning Mac machines if the machine memory module details are having encrypted content or empty string.
  • Unable to update the site information of assets if the asset ownership is having user or department not assigned to any site.
  • Always showing ‘Hardware removed’ and ‘Hardware added’ in EMail notification after domain scan.
  • Purchase order listview column customizer is not working in firefox browser.

» ReadMe for Build 5101

Issues Fixed:

  • Unable to import the asset(s) from CSV file if department is specified without site information.
  • Expired and Disposed workstation(s) removed from Unaudited workstations list view.
  • Expired and Disposed assets removed from assets list displayed under “Associate to Asset” option in “Assign Owner” screen.
  • License details is not removed if the software type is changed from Managed to any other type.
  • Home page software compliance type graph is not showing the count properly in case of major-minor version grouping.
  • Compliance type not displayed properly if volume license is purchased for particular software.
  • Changing the report column order is not working.
  • SQL Query report ‘Order By’ functionality is not working.
  • Asset home page ‘Asset Summary’ dashboard is not showing their count properly if the product type count is greater than 10.
  • OU’s page is not loading if the OU’s count is too large.
  • AD User(s) import is not working with windows 2008 server.

» ReadMe for Build 5100

Features Added:

  • Support for Client Access License (CAL).
  • Support for fetching users from LDAP and LDAP authentication.
  • Support for Personalized date format.
  • Support for scanning Multi Processor information in linux machines.
  • New role ‘Remote Desktop Access’ is added to restrict technicians from using Remote Control.
  • Support for additional fields for Software License.
  • Fetching software from Mac machines.

Issues Fixed:

  • Remote Control to Windows Vista OS and Remote Control from Firefox 3.
  • Restriction on specifying the contract notification period.
  • Performance issues in scanning Windows machines using Logon script.

» ReadMe for Build 5005

Issues Fixed:

  • Support for scanning Solaris machines using telnet or SSH.
  • Support for volume licensing apart from the current individual and enterprise licensing.
  • Support for fetching multiple processor details from the workstations.
  • Support for scanning the workstations in silent mode using the scan script(Scan tab --> Standalone workstation audit). This script can be configured as a logon script in Active Directory and even in case of failure the error message would be pushed to the AE server without prompting the error message to the workstation users.

» ReadMe for Build 5004

Issues Fixed:

  • Site field is missing in software license edit page.
  • Software Summary Report is showing duplicate workstations for certain criteria.
  • Modify product type option added in workstation and other assets listview.
  • While editing the server, product’s of type server are not displayed under model dropdown.
  • Duplicate workstations in software details page.
  • Exception while deleting the multiple workstation(s) from the listview.
  • Exception while scanning the network devices like printer, router, switch and access point.
  • Service pack installed workstation listview always showing all workstation(s) even if the logged in user has restricted site access.
  • Unable to generate the advanced matrix report for certain criteria choosen.
  • Audit report is not working with SQL Server 2000.
  • Summary report print preview is not working properly if the report is having any criteria in filter page.
  • HTTP 500 error while viewing the user details in software details page.
  • Data model schema added for software in New query report option.
  • Department is not checked by default in AD user’s import wizard.
  • Network/Windows domain scan audit changes notification is sent to the wrong technician at times.
  • While changing the asset state from ‘In Use’ to ‘In Repair’ its removing the attached assets and components.
  • Spot search is not working in failed workstations list view.

» ReadMe for Build 5003

Issues Fixed:

  • 100% CPU usage when the product or SQL Server is running in non-english OS.
  • Creating duplicate workstations in the listview after changing the resource state from custom state to 'In Use’.
  • GL Code size increased from 20 to 250.
  • Server machines is not removed from the server listview, after changing the product type from ‘Server’ to other product.
  • Software information is missing after importing the scanned windows data into linux machine.
  • Contract notification template format is not reflected in the EMail to the owner/vendor page.
  • Dynamic group listview showing the incorrect information for the site column.
  • Location, Warrenty Expiry date, GL Code and Cost Center added in reports.
  • Rendering exception while searching the software from the global search.
  • New purchase order quantity field accepting alpha numeric value.
  • Workstation listview advanced filter not working properly.
  • Software licensing, connected asset(s) and attached component(s) will be removed if the asset changed from ‘In Use’ to 'Disposed’/ 'Expired’.
  • Memory and date column comparison is not working properly in reports.
  • Matrix report title always showing Untitled.
  • Unable to edit, save and schedule the audit report.

» ReadMe for Build 5002

Issues Fixed:

  • Unable to import the non english scanned assets from Remote Server.
  • Duplicate department(s) created after importing the user(s) from the Active Directory.
  • IP Address column added in Dynamic Group Criteria list.
  • Provision to assign the site to all the resource states except ‘In Use’ and ‘In Repair’ states.
  • Expired contract(s) not sending all the asset(s) in notification mail.
  • Adding new asset from the asset list view its not choosing the right product name instead it showing all the products.
  • Asset Home page is not displaying properly.
  • Software information not fetching from the Windows vista machine.
  • While editing the server, appropriate model is not displayed.
  • Site restriction defined for technicians get removed after importing users from Active Directory.
  • Unable to schedule the audit report(s).
  • Date format issue in Asset CSV import.

» ReadMe for Build 5001

Issues Fixed:

  • Asset and Workstation listview performance issues fixed.
  • Software listview installed count allways showing zero for unmanaged softwares.
  • Browser cache Issues fixed.
  • Home page graph not loading properly fixed.
  • Duplicate resources in Dynamic Group listview fixed.

» ReadMe for Build 5000

Features Added:

  • Support for MSSQL apart from MySQL.
  • Defining roles for technicians i.e technician access can be restricted to certain modules alone like assets alone, purchase alone e.t.c.
  • Backup scheduling : The entire data can be backed up on a periodic basis to a remote server.
  • Distributed asset scan to support for printers, routers, switches and users imported from Active directory apart from workstations alone.
  • Provision to remote connect to a Windows workstaion.
  • Provision for attachments and additional fields in purchase order with enhanced approval system.
  • Site based access restriction for technicians. For eg: a technician can be restricted to view, add,update or delete any data pertaining to California site alone. This would be helpful for organizations distributed across multiple sites.
  • Provision to add custom resource states.
  • Provision to add contract additional fields.
  • Asset Relationships - Helps in providing a quick view of all the assets that are impacted if a particular asset is down. For eg: View all the workstations that are affected if a printer is down.
  • AD Authentication for technician login.
  • Provision to bulk select and scan from workstations, other IT assets and groups list view.

README for Version 4.0 and above

» ReadMe for Build 4017

Issues Fixed:

  • Issues related to fetching service tag, product and bios details in case of linux machines have been resolved.
  • Issue in displaying workstation and asset additional fields in the details page (Resource Info page) has been fixed.

» ReadMe for Build 4016

Issues Fixed:

  • Certain memory issues in software license management has been fixed.

» ReadMe for Build 4015

Features Included:

  • Fetching service tag, model, bios information, memory modules for linux machines during scanning.
  • Fetching software version for all software while scanning.
  • Certain memory issues while adding software licenses has been resolved.

» ReadMe for Build 4014

Features Included:

  • Certain memory issues while scanning large number of workstations has been resolved.
  • Auto pushing of agent to the remote workstations in case of DCOM failures while scanning.

» ReadMe for Build 4013

Features Included:

  • Distributed workstation scan: AssetExplorer will help you scan assets distributed across multiple sites. Install AssetExplorer in your remote sites where you want to scan assets. When scanning is complete, you will be able to export the data from the remote AssetExplorer server in the site and import it in your central AssetExplorer Server.

» ReadMe for Build 4012

Issues Fixed:

  • Attachments not being displayed in old contracts.
  • Problem in scanning workstations which has two entries for the same software in the registry.

» ReadMe for Build 4011

Features Included:

  • Stand alone workstation audit i.e., provision to scan workstations not in network, copy the inventory data and import it in to AssetExplorer server.
  • Scan for printer configuration details from workstations.
  • Scan for software installation date.
  • Provision to add new software type and software category.

Issues Fixed:

  • License keys not fetched from Microsoft Office 2007.
  • Oracle client installation not being scanned.
  • No able to delete a domain.
  • Not able to stop scanning from the Windows domain scan popup window.
  • Physical memory conversion issues in reports.
  • Manually modified servicetag getting changed in subsequent scan.

» ReadMe for Build 4010

Features Included:

  • Asset Lease Expiry Notification.
  • Workstation-Server classfication.

Issues Fixed:

  • Workstation state automatically changing to “In Store” state.
  • Exceptions when scanning a workstation through WMI Scan Script.
  • Memory shortage problem during importing users from Active Directory.

» ReadMe for Build 4009

Features Included:

  • WMI Logon Scripts to push the Hardware and software inventory into AssetExplorer Server.
  • Provision to attach Documents to all Assets.

Issues Fixed:

  • Problem while deleting Domains.
  • Workstation Audit History Problem in large DHCP enabled networks.
  • Workstations inventory not getting updated on successful re-scans.

» ReadMe for Build 4008

Features Included:

  • Support for fetching inventory details of Printers, Routers and Switches.
  • Support for modifying the Product and Product Type of any asset.

» ReadMe for Build 4005

Features Included:

  • Scan for Windows service packs and hotfixes.
  • Scan for software in Linux workstations.
  • Support for resource and workstation addtional fields in reports.
  • Enhanced import workstations from CSV file.

Issues Fixed:

  • Unable to allocate more than 10 software licenses from a particular software page.

» ReadMe for Build 4004

Features Included:

  • Scan range of IP address in Network Scan.
  • Support for scanning Mac workstations.
  • SSH support for scanning Linux and Mac workstations.
  • Provision to configure scan credentials for individual workstation.
  • Bulk modification of scan credentials from workstation list view.

» ReadMe for Build 4002

Issues Fixed:

  • Unable to schedule more than one report.
  • Unable to view assets associated with a Purchase order if the name of the asset is modified.
  • Organizational units not being listed when hierarchy in AD is modified.
  • If some users are deleted and import users from AD is performed, the deleted users are not getting added.
  • Option for bulk modification of state in Workstations and Assets list view.

» ReadMe for Build 4001

Issues Fixed:

  • Unable to start both AssetExplorer and ServiceDesk Plus as windows service in the same machine.

ManageEngine AssetExplorer 5618

Issues fixed in service pack 5618

  • AE-50809 : The certificates used to signing the add-ons of Remote Control are expired.
  • AE-50768 : Unnecessary Shortcut created in desktop while taking Remote Control of a machine using agent.

ManageEngine AssetExplorer 5617

Issues fixed in service pack 5617

  • AE-47514 : Distributed scanning : Error while pushing data to central server due to invalid character in Software name.
  • AE-47691 : CSV Import : Service tag check is not case insensitive while merging workstations.
  • AE-47916 : Distributed scanning : Error while pushing data to central server due to invalid character in Software version.
  • AE-47917 : The timeout for agent requests has been increased to 120 seconds.
  • AE-48241 : Query optimized for performance issues reported on clicking the list view option in relationships tab of CIs.
  • AE-48587 : Timeout support added for scanning VMWare machines.
  • AE-48790 : Exception while re-scanning and updating ESX host machines if the device was identified as a workstation during initial discovery.
  • AE-48372 : NullPointerException while parsing serial number for VMWare machines.
  • AE-48804 : Audit history cleanup schedule not working for huge data.
  • AE-48110 : Cannot scan Japanese workstations with Ubuntu Operating system.
  • AE-48865 : NumberFormatException while parsing printer memory details.
  • AE-48791 : Query optimized for performance issue reported on viewing the failed workstation list view.

Enhancements in service pack 5617

  • AE-48839 : Support for mentioning contract types,creating child contracts and enhancements in contract renewal.

ManageEngine AssetExplorer 5616

Issues fixed in service pack 5616

  • AE-48610 : The default report ‘Software by manufacturer’ does not work if the database is postgres.
  • AE-48605 : The default report ‘Rarely used software installations’ does not work if the database is postgres.
  • AE-48591 : Unable to restore the linux postgres backup data into windows server.

ManageEngine AssetExplorer 5615

Enhancements in service pack 5615

  • AE-48607 : PostgreSQL database support is added.

ManageEngine AssetExplorer 5614

Issues fixed in service pack 5614

  • AE-46841 : Option to turn off processing scanned xmls submitted through http from remote machines.
  • AE-48114 : Cross-site scripting vulnerability identified in parsing scanned xmls has been fixed.

ManageEngine AssetExplorer 5613

Enhancements in service pack 5613 (Released on 2nd November 2012)

  • AE-47798 : Support for approving Purchase Orders by multi-level approvers.

Issues fixed in service pack 5613

  • AE-46643 : Deleted users are listed in All Cis list view
  • AE-46811 : Global search filter’s default text is not cleared while clicking in the search field.
  • AE-47205 : Servers cannot searched in global Workstation/Server search, now a new filter for server search is available.
  • AE-47431 : Cannot add attachments to contracts after upgraded to AssetExplorer 5611
  • AE-47204 : Linux scan script contains invalid path for bash location.
  • AE-47406 : License agreement’s attachment functionality is not working properly.
  • AE-47513 : SocketException while trying to scan a solaris machine.
  • AE-47588 : No alert message while reconciling two workstations received by PO.
  • AE-47641 : Contract xls import adding ‘From date’ greater than ‘To date’ field.
  • AE-47688 : Complete Asset scan history gets deleted when schedule audit history cleanup enabled.
  • AE-47524 : Error while reconciling workstations from workstation’s list view.

ManageEngine AssetExplorer 5612

Features added in service pack 5612 (Released on 15th October 2012)

  • AE-47522 : Ability to imports contracts from excel.
  • AE-47605 : Ability to localize or modify the names of CI Types, Product Types and Relationship Types

ManageEngine AssetExplorer 5611

Features added in service pack 5611 (Released on 29th August 2012)

  • AE-46613 : Service tags can be imported while receiving workstations/servers in Purchase Order
  • AE-46784 : Apart from SDAmin,non-admin technicians can also create query report by enabling fine grained authorization check “Create Query Report” while adding or editing a role.
  • AE-31535 : Ability to perform remote control using other tools like Windows Remote Desktop, VNC, Team Planner, DameWare etc

Issues fixed in service pack 5611

  • AE-41383 : Cannot delete workstations with huge audit history.
  • AE-45818 : Technicians with Asset full role with Scan Now option enabled cannot do a �New scan� in workstation listview.
  • AE-46528 : Cannot fetch OS name and hardware details in Solaris machine due to non-bash shells.
  • AE-46543 : Software not fetched during importing of japanese linux scanned xml.
  • AE-46615 : Hardware details not fetched during importing of linux scanned xml.
  • AE-46624 : More threads waiting for getting printer’s server name during bulk scanned xml import
  • AE-44910 : Software ci gets deleted from list view, while removing any of its relationships.
  • AE-46730 : When scanning a VM, its relationship with VMHost is lost.
  • AE-46736 : Problem with scanning linux machine if the output for uname -s returns in 2 lines
  • AE-46739 : While scanning a linux machine, if the port 9090 is open, trying to scan via agent and stopped instead of proceeding to linux scan
  • AE-46313 :Installed column becomes zero after applying licenses in Software details page.
  • AE-44051 : Date format is not personalized in Purchase Order non-login page.
  • AE-45922 : Inventory data will be lost while moving from workstation product to server product.
  • AE-46344 : Purchase Order attachment not accessible in non-login page.
  • AE-46346 : The message displayed after approving or rejecting a Purchase order has been modified.
  • AE-46709 : While scanning ESX Virtual Machine, VM’s alias name is fetched instead of VM host name.
  • AE-46755 : Audit reports are not site based.
  • AE-46904 : Worskstation name changed to ipaddress during scheduled scan.

ManageEngine AssetExplorer 5610

Issues fixed in service pack 5610 (Released on 11th June 2012)

  • AE-46185 : Model of the HP printers not detected during scan.
  • AE-46179 : Local credentials provided for certain devices gets overwritten with domain/network credentials if domain scan or network scan is performed.
  • AE-46165 : Error while viewing the asset details page if AssetExplorer is installed in Spanish OS server.
  • AE-46183 : Time out error while scanning Solaris machines.

ManageEngine AssetExplorer 5609

Issues fixed in service pack 5609 (Released on 21st May 2012)

  • AE-45840 : Vulnerability in agent based scanning.
  • AE-45838 : Unable to view the purchase order which has the attachments after applying the service pack.
  • AE-45711 : Unable to change the product type from one consumable type to another consumable type in product page.
  • AE-45532 : Major/Minor version association is got removed after updating the product details in admin page
  • AE-45174 : Unable to apply the license file in linux installation.
  • AE-43388 : Installed count showing ‘0’ value for CAL in license listview.
  • AE-42755 : Asset product is changed to ‘Unknown Device’ while changing the asset’s product type to another type.
  • AE-36695 : When a software version update occurs, the license is deallocated.
  • AE-45837 : Unable to import assets from CSV file if the asset’s department is present in more than one site.
  • AE-44155 : Product type is not deleted after deleting the CI Type.

ManageEngine AssetExplorer 5608

Issues Fixed in Service Pack 5608 (Released on 25 April, 2012)

  • AE-45733 : Unable to apply ‘Service Pack’ from linux installation.
  • AE-45734 : Unable to start the server after restoring the backup data.

ManageEngine AssetExplorer 5607

Enhancements in Service Pack 5607 (Released on: 23 April, 2012)

  • AEF-43454 : Provision to map configured user additional fields to fields in Active Directory while performing user’s import.
  • AEF-43585 : Ability to schedule user’s import from CSV.
  • AEF-43587 : Support for columns serial number, location, asset tag, acquisition date, expiry date and warranty expiry date in workstation and asset list views.
  • AEF-44175 : Frequently asked query reports provided under reports section for both MySQL/MSSQL databases.

Issues Fixed in Service Pack 5607

  • AE-43837 : Software not detected in certain latest versions of Mac machines.
  • AE-42518 : CMDB reports got corrupted when a CI Type was moved from IT to Non-IT.
  • AE-42795 : Reports exported to Excel format can handle more than 65000 rows.
  • AE-43275 : User’s site information get removed when importing users from remote server to central server.
  • AE-43292 : While creating new attributes for a CI Type, only the last attribute added is displayed in the list view of the CIType.
  • AE-39525 : Contract expiry notifications delayed by a day from the value specified in "Notify before days".

ManageEngine AssetExplorer 5606

Issues fixed in 5606 (Released on: 11 January, 2012)

  • AE-41346 : Exception while editing a workstation by technicians with full control of Asset Module (without SDAdmin role).
  • AE-39389 : Technicians with full control of Asset Module (without SDAdmin and CMDB role) cannot import assets from CSV file.
  • AE-41793 : CSV import failed for certain workstations if the model field in the CSV import was case sensitive.
  • AE-39999 : Scan getting failed when the software manufacturer name having more than 150 characters.
  • AE-43119 : License keys are not detected in case of scanning through agent.
  • AE-39095 : Unable to delete workstations which had huge date of audit history.
  • AE-40398 : Cannot import remote server data into central server if the data had some special characters.
  • AE-41822 : LDAP import getting failed in case of Novel eDirectory.
  • AE-42821 : While scanning VMHosts, relationships between VMHosts and VMs were not established if the VMs were scanned even before the VMHost was scanned.

ManageEngine AssetExplorer 5605

Issues fixed in 5605 (Released on: 17 November, 2011)

  • AE-41966 : Workstations getting overwritten based on machine name instead of service tag in WMI scanning.
  • AE-41967 : Entries from the table DynamicTables getting removed while restoring the backup data.

ManageEngine AssetExplorer 5604

Enhancements in 5604 (Released on: 02 November, 2011)

  • AE-40751 : Scanning inventory for VMWare host machines (Supports ESX/ESXi 3.5 to 4.1).
  • AE-41214 : Option to configure email ids to notified apart from choosing technicians for contract expiry notification.
  • AE-41213 : Option to send multiple expiry notifications for a contract.
  • AE-41212 : Option provided to additional comments while changing the state of assets or assigning it to a user/department.
  • AE-40395 : Scan script for Mac machines.
  • AE -39145 : Fetching user accounts from Windows machines during scan.
  • AE-40327 : Default report to find assets depreciated by 50% or below.

Issues Fixed in 5604

  • AE-41363 : System type(32 bit/64 bit) details not shown for windows XP/2003.
  • AE-41159 : Microsoft office license key not fetched in agent based scanning.
  • AE-40850 : Importing CSV file by having workstation UDF fields without asset UDF fields causes error.
  • AE-40749 : Remote Control not working in Firefox 5.0
  • AE-40722 : Exception throws on home page, if a product type is named as “Others”
  • AE-40537 : When UAC is enabled in Windows Vista and later OS, viewer hangs during remote control.
  • AE-40393 : Showing last logged in user in Mac machines.
  • AE-40392 : Showing last logged in user in linux machines.
  • AE-40302 : Contract notification is not sent, if a technician with invalid email id is chosen.
  • AE-40157 : While adding description with new line characters in the workstation"s add cost popup, details are shown in a single line.
  • AE-40124 : Workstation filter is not reset to “All” after searching in Workstation list view.
  • AE-39908 : Site restricted technicians are not able to view query based report.
  • AE-41154 : While performing auto assign workstation, option to configure "Retain users site as assets site".

ManageEngine AssetExplorer 5603

Enhancements in 5603 (Released on: 22 August, 2011)

  • AEF-39502: Asset Depreciation - The depreciation costs of all the assets can be calculated by choosing the appropriate depreciation method either at the product level or asset level.
  • AEF-38896: Public key authentication support for scanning linux machines
  • AEF-40001: Support for scanning the linux machines using shell script. The script can be used for scanning linux machines not in network or to push inventory data from the remote machines to the server.
  • AEF-39816: RAM frequency details fetched during scan.
  • AEF-39816: Date fields in all the forms can be edited manually without choosing the calender.

Issues fixed in 5603

  • AE-39870: Some unwanted IPs are getting added when scan is triggered by enabling "Check for newly added workstations".
  • AE-39501: Shipping and billing address with more than 30 characters cannot be added in PO.
  • AE-39787: Not more than 10 characters can be provided in the first field of add new vendor form.
  • AE-39872: Workstations CSV import failed if the harddisk capacity was provided without harddisk serial number.
  • AE-40003: In the components list view, not able to find the users who owned the components.

ManageEngine AssetExplorer 5602

Enhancements in 5602 (Released on: 15 July, 2011)

  • AEF-38867: Support for sending notification to user(s) upon installation of prohibited software.
  • AEF-39408: Support to identify workstations with duplicate ‘Service Tag’ and ‘MAC Address’ from Admin tab --> General Settings.
  • AEF-38868: Support to enable or disable the scan option while creating/editing a role.

Issues fixed in 5602

  • AE-38969: Unable to push the remote server data to central server when no site is specified in 'Central Server Configuration' page.
  • AE-39449: Slow response while searching the workstation/server from global search.
  • AE-39277: Showing all the deleted people list while adding 'Used by' relationship in asset’s add relationship page.
  • AE-38844: Certain software not detected on 64 bit machines.

ManageEngine AssetExplorer 5601

Enhancements in 5601 (Released on: 18th June, 2011)

  • AEF-39000: Option to add attachments in Purchase Order without editing it.
  • AEF-38692: I18N support for CI and relationship attributes.
  • AEF-38115: While scanning MS SQL Server software from the machines, the edition of the software is also fetched.

Issues Fixed in 5601

  • AE-38855: Domain name getting duplicated in the domain list view during scan.
  • AE-38734: Assign Owner popup is not closed in firefox when the action is performed from list views.
  • AE-38704: A server under Application Server CIType with OS as Microsoft Windows would be moved under Windows Server CIType upon editing it.
  • AE-38705: A parent CIType and its childs with CIs in it and which are not assets (i.e “Track as assets” is disabled).If the parent CIType is now moved under an asset CI Type (for eg:Server), the mapping to Server is not established appropriately.
  • AE-38659: While performing an AD users import login name is populated in place of display name.
  • AE-38887: While performing a scheduled AD import of users, the checkbox status for “Move associated assets” is not retained.
  • AE-38870: Agent failed to start in certain machines due to dll corruption and agent version upgraded to 1.0.6.

ManageEngine AssetExplorer 5600

Enhancements in 5601

  • AEF-39000: Option to add attachments in Purchase Order without editing it.
  • AEF-38692: I18N support for CI and relationship attributes.
  • AEF-38115: While scanning MS SQL Server software from the machines, the edition of the software is also fetched.

Issues Fixed in 5601

  • AE-38855: Domain name getting duplicated in the domain list view during scan.
  • AE-38734: Assign Owner popup is not closed in firefox when the action is performed from list views.
  • AE-38704: A server under Application Server CIType with OS as Microsoft Windows would be moved under Windows Server CIType upon editing it.
  • AE-38705: A parent CIType and its childs with CIs in it and which are not assets (i.e “Track as assets” is disabled).If the parent CIType is now moved under an asset CI Type (for eg:Server), the mapping to Server is not established appropriately.
  • AE-38659: While performing an AD users import login name is populated in place of display name.
  • AE-38887: While performing a scheduled AD import of users, the checkbox status for “Move associated assets” is not retained.
  • AE-38870: Agent failed to start in certain machines due to dll corruption and agent version upgraded to 1.0.6.

Features added in service pack 5600

Enhancements in CMDB Module

  • With this release all assets,people (users and technicians), documents, IT and Business Service etc are tracked as configuration items (CIs).
  • All CIs are categorized under CI Types and each CI Type can have different set of attributes and relationships.
  • CI Types can be configured in an hierarchical structure and a child CI Type would inherit the attributes and relationships of the parent CI Type.
  • Unlike the previous version, any type of relationship can be configured between two CIs.
  • CIs are identified during scan, AD import and categorized under appropriate CI Types. CIs can also be imported from CSV files.
  • Enhanced CI relationship map which allows viewing the relationships to N levels. The relationships of a node are displayed upon clicking it.

Issues fixed in 5600

  • Agent failed to start when UAC is enabled in Windows Vista.
  • Showing command prompt during agent install/upgrade/uninstall has been removed.
  • Agent status is not updated to the server if agent is uninstalled manually.
  • The manufacturer of a software can be edited from the software details page.
  • StackOverFlow error and OutOfMemory error during reconcile of workstations.
  • OU population takes a long time during users import from Active directory and domain scan when the OUs is high.
  • Microsoft Office license keys not fetched in Windows7 64 bit machines.
  • While importing users from Active directory if the department for the user is changed, corresponding change was not reflected in the assets owned by the user if “Move associated assets” was not checked during import.

ManageEngine AssetExplorer 5504

Issues fixed in service pack 5504

  • Agent failed to start in certain machines due to dll corruption.
  • Blank page during login in free version of AssetExplorer.

ManageEngine AssetExplorer 5503

Issues fixed in service pack 5503

  • Software is not detected during scan in Debian machines.
  • Internet Explorer is not detected while scanning windows vista machines.
  • All IpAddresses are not detected while scanning linux machines.
  • Remote server data is not imported into the central server if the users email id is empty.
  • Asset additional fields not shown in the workstation list view.
  • Print preview provided for non it assets.
  • RemoteControl failed for vista and later operating systems when prompt for getting user’s permission is configured.
  • Installation count is not displayed correctly in software details page if major-minor version grouping is configured for a software.
  • Copy and paste (Ctlr+c and Ctlr+v) does not work during remote control.

ManageEngine AssetExplorer 5502

Issues fixed in service pack 5502

  • Site association is removed for asset(s) in “In Store” state after a Domain/Network scan is performed without choosing a site.
  • Unable to approve the PO if the approver name contains a single quote.|
  • Unable to edit the PO created date.
  • UI alignment is not proper in License Agreement details page.
  • User, department ,site and region details included in agent related list views.
  • Last logged user field changes from a user name to blank after a scan, if scan is performed using script as logon script or through agent with “Scan of system startup” enabled.
  • Some of the software titles are displayed with ####AND#### instead of ‘&’ after script or agent scan.
  • Software version is not updated properly during rediscovery of workstations/servers.
  • Similar to agent based scan, WMI scan will fetch software installed by all users from Windows machines.
  • If an asset in moved to “In Store” state, the association of components with the asset will not be removed.

ManageEngine AssetExplorer 5501

Issues fixed in service pack 5501

  • Hard disk and Memory Module information is not fetched while scanning Solaris machines.
  • Memory details are not fetched while scanning Mac machines.
  • Problem while scanning AIX machines when OS version is fetched.
  • Change credentials not happening from device details page for network devices.
  • Organization logo is displayed in PO even after disabling it under Admin tab -->Company details.
  • Unable to search for server(s) from the global search.
  • Domain information is lost after changing a user to technician.
  • Problem while searching for resources from the global search in non-English version.
  • 'Order this PO' link not displayed for the PO owner.
  • Vendor’s Email ID is not displayed in purchase order form.
  • Site is not populating automatically after choosing user/department in “Assign Owner” screen.
  • Unable to connect and push data to central server using 'Local Authentication' from remote server in case of distributed asset scanning.
  • Software reports showing improper purchased and installation counts under certain conditions.
  • 'Server with less than 10% free space' report is not working with MS SQL database server.
  • PO Overdue notification is not sent later if application is not running when the notification action has been scheduled.

Features added in service pack 5500

  • Agent based scanning for windows workstations and servers.
  • Support for fetching inventory from AIX machines.
  • Support for scanning 64bit software.
  • Support for multiple languages apart from English.
  • PO work flow has been enhanced to include four new states : Ordered, Items Received, Invoice Received and Payment Done with support for adding invoice and payment details.
  • Multi Approval : Provision to configure multiple approver’s for a PO.
  • Ceiling limit for PO approver : Provision to restrict an approver to approve a PO based on the total cost of the PO.
  • Support for configuring different tax rates for items in single PO.
  • Consumables : Items that are of type consumable would not be added as individual asset while they are received from PO.
  • Reconcile assets : Provision to reconcile assets created by receiving items from PO and assets added during scan.
  • Support for different license types like OEM, concurrent, enterprise - subscription, enterprise - perpetual, free, named user, node locked, trial apart from the existing CAL,volume, individual. License types for Microsoft,Adobe and Symantec are configured by default.
  • Support for configuring custom license types.
  • Support for license agreements and notifications on license expiry.
  • Importing software licenses from CSV.
  • During bulk allocation of licenses, licenses would be allocated to corresponding machines based on the license key fetched during scan and license key of the licenses.
  • Auto sync of Distributed data - The inventory data scanned in the remote AE servers would be pushed automatically to the central AE server. This would be a periodic process and any change in inventory data in the remote server would be synchronized with the central server.
  • Remote Control settings : Remote control to a machine would prompt for user’s permission by default to access the machine. Machines for which the prompt is not required (for eg: Servers) can be configured from the workstation/server list views.

Other Enhancements

  • Problem in scanning dual processors in a machine has been fixed.
  • Manually added software to workstation would be retained even after subsequent scans. Previously, those software would be removed during subsequent scans.
  • Site restriction on asset removed : Previously asset’s site is determined by the site in which the user of the asset is. Now asset can be associated to a site other than its user’s site.
  • Provision to add invalid servicetag list and OIDs for network devices from UI.

Issues fixed in AE5 - 5103 :

  • Problem while importing the standalone audit scan information through xml when the software name is not available.
  • In custom reports filter, vendor details were also displayed when site was chosen.
  • The software ‘Microsoft Security client’ was not detected in scan.
  • The changes in product name of servers was not updated during re-discovery.
  • Problem while scanning solaris zone machines.
  • Certain workstations getting overwritten due to same machine name even though servicetag is different.

Issues fixed in AE5 - 5102 :

  • Duplicate department error while importing users from the Active Directory / CSV file when the department with the same name is already marked as deleted.

  • New column(s) added in Custom report under module Workstation/Resources.

  • Bar code

  • Last logged user

  • Workstation type (Desktop/Laptop)

  • Lease start date

  • Lease end date

  • Unable to remove the product even if the product is not associated to any asset(s).

  • ‘Order By’ functionality in reports section is not working properly with MSSQL database.

  • Junk values in MAC Address if the machines are scanned using scan script.

  • Scanned information(s) is not updated properly in database if scanning of a machine takes more than 5 minutes.

  • While doing individual workstation scan or network scan, it’s updating the scanned data to the another machine.

  • Incorrect BIOS date in harware details page for Linux machines.

  • Showing different history information while doing scan using ‘Scan now’ option and scan script.

  • Selected OU’s structure is not maintained during subsequent scans.

  • Junk values in monitor serial number while doing domain scan.

  • Error while scanning linux machines (One of the mandatory field value is set as NULL).

  • Unable to change the user’s department if user is owner for an asset.

  • Not able to save the location details in asset page without giving site information.

  • Multi processor information is not fetched in Linux machine.

  • Error while scanning Mac machines if the machine memory module details are having encrypted content or empty string.

  • Unable to update the site information of assets if the asset ownership is having user or department not assigned to any site.

  • Always showing ‘Hardware removed’ and ‘Hardware added’ in EMail notification after domain scan.

  • Purchase order listview column customizer is not working in firefox browser.

Issues fixed in AE5 - 5101 :

  • Unable to import the asset(s) from CSV file if department is specified without site information.
  • Expired and Disposed workstation(s) removed from Unaudited workstations list view.
  • Expired and Disposed assets removed from assets list displayed under “Associate to Asset” option in “Assign Owner” screen.
  • License details is not removed if the software type is changed from Managed to any other type.
  • Home page software compliance type graph is not showing the count properly in case of major-minor version grouping.
  • Compliance type not displayed properly if volume license is purchased for particular software.
  • Changing the report column order is not working.
  • SQL Query report ‘Order By’ functionality is not working.
  • Asset home page ‘Asset Summary’ dashboard is not showing their count properly if the product type count is greater than 10.
  • OU’s page is not loading if the OU’s count is too large.
  • AD User(s) import is not working with windows 2008 server.

Features added in service pack 5100

  • Support for Client Access License (CAL).
  • Support for fetching users from LDAP and LDAP authentication.
  • Support for Personalized date format.
  • Support for scanning Multi Processor information in linux machines.
  • New role ‘Remote Desktop Access’ is added to restrict technicians from using Remote Control.
  • Support for additional fields for Software License.
  • Fetching software from Mac machines.

Issues fixed in AE5 - 5100

  • Remote Control to Windows Vista OS and Remote Control from Firefox 3.
  • Restriction on specifying the contract notification period.
  • Performance issues in scanning Windows machines using Logon script.

Features added in service pack 5005

  • Support for scanning Solaris machines using telnet or SSH.
  • Support for volume licensing apart from the current individual and enterprise licensing.
  • Support for fetching multiple processor details from the workstations.
  • Support for scanning the workstations in silent mode using the scan script(Scan tab --> Standalone workstation audit). This script can be configured as a logon script in Active Directory and even in case of failure the error message would be pushed to the AE server without prompting the error message to the workstation users.

Issues fixed in Service Pack 5004:

  • Site field is missing in software license edit page.
  • Software Summary Report is showing duplicate workstations for certain criteria.
  • Modify product type option added in workstation and other assets listview.
  • While editing the server, product’s of type server are not displayed under model dropdown.
  • Duplicate workstations in software details page.
  • Exception while deleting the multiple workstation(s) from the listview.
  • Exception while scanning the network devices like printer, router, switch and access point.
  • Service pack installed workstation listview always showing all workstation(s) even if the logged in user has restricted site access.
  • Unable to generate the advanced matrix report for certain criteria choosen.
  • Audit report is not working with SQL Server 2000.
  • Summary report print preview is not working properly if the report is having any criteria in filter page.
  • HTTP 500 error while viewing the user details in software details page.
  • Data model schema added for software in New query report option.
  • Department is not checked by default in AD user’s import wizard.
  • Network/Windows domain scan audit changes notification is sent to the wrong technician at times.
  • While changing the asset state from ‘In Use’ to ‘In Repair’ its removing the attached assets and components.
  • Spot search is not working in failed workstations list view.

Issues fixed in Service Pack 5003:

  • 100% CPU usage when the product or SQL Server is running in non-english OS.
  • Creating duplicate workstations in the listview after changing the resource state from custom state to 'In Use’.
  • GL Code size increased from 20 to 250.
  • Server machines is not removed from the server listview, after changing the product type from ‘Server’ to other product.
  • Software information is missing after importing the scanned windows data into linux machine.
  • Contract notification template format is not reflected in the EMail to the owner/vendor page.
  • Dynamic group listview showing the incorrect information for the site column.
  • Location, Warrenty Expiry date, GL Code and Cost Center added in reports.
  • Rendering exception while searching the software from the global search.
  • New purchase order quantity field accepting alpha numeric value.
  • Workstation listview advanced filter not working properly.
  • Software licensing, connected asset(s) and attached component(s) will be removed if the asset changed from ‘In Use’ to 'Disposed’/ 'Expired’.
  • Memory and date column comparison is not working properly in reports.
  • Matrix report title always showing Untitled.
  • Unable to edit, save and schedule the audit report.

Issues fixed in Service Pack 5002:

  • Unable to import the non english scanned assets from Remote Server.
  • Duplicate department(s) created after importing the user(s) from the Active Directory.
  • IP Address column added in Dynamic Group Criteria list.
  • Provision to assign the site to all the resource states except ‘In Use’ and ‘In Repair’ states.
  • Expired contract(s) not sending all the asset(s) in notification mail.
  • Adding new asset from the asset list view its not choosing the right product name instead it showing all the products.
  • Asset Home page is not displaying properly.
  • Software information not fetching from the Windows vista machine.
  • While editing the server, appropriate model is not displayed.
  • Site restriction defined for technicians get removed after importing users from Active Directory.
  • Unable to schedule the audit report(s).
  • Date format issue in Asset CSV import.

Issues fixed in Service Pack 5001:

  • Asset and Workstation listview performance issues fixed.
  • Software listview installed count allways showing zero for unmanaged softwares.
  • Browser cache Issues fixed.
  • Home page graph not loading properly fixed.
  • Duplicate resources in Dynamic Group listview fixed.

Features added in AssetExplorer 5000:

  • Support for MSSQL apart from MySQL.
  • Defining roles for technicians i.e technician access can be restricted to certain modules alone like assets alone, purchase alone e.t.c.
  • Backup scheduling : The entire data can be backed up on a periodic basis to a remote server.
  • Distributed asset scan to support for printers, routers, switches and users imported from Active directory apart from workstations alone.
  • Provision to remote connect to a Windows workstaion.
  • Provision for attachments and additional fields in purchase order with enhanced approval system.
  • Site based access restriction for technicians. For eg: a technician can be restricted to view, add,update or delete any data pertaining to California site alone. This would be helpful for organizations distributed across multiple sites.
  • Provision to add custom resource states.
  • Provision to add contract additional fields.
  • Asset Relationships - Helps in providing a quick view of all the assets that are impacted if a particular asset is down. For eg: View all the workstations that are affected if a printer is down.
  • AD Authentication for technician login.
  • Provision to bulk select and scan from workstations, other IT assets and groups list view.

README for Version 4.0 and above****Issues fixed in Service Pack 4017:

  • Issues related to fetching service tag, product and bios details in case of linux machines have been resolved.
  • Issue in displaying workstation and asset additional fields in the details page (Resource Info page) has been fixed.

Issues fixed in Service Pack 4016:

  • Certain memory issues in software license management has been fixed.

Features added in Service Pack 4015:

  • Fetching service tag, model, bios information, memory modules for linux machines during scanning.
  • Fetching software version for all software while scanning.
  • Certain memory issues while adding software licenses has been resolved.

Feature added in Service Pack 4014:

  • Certain memory issues while scanning large number of workstations has been resolved.
  • Auto pushing of agent to the remote workstations in case of DCOM failures while scanning.

Feature added in Service Pack 4013:

  • Distributed workstation scan: AssetExplorer will help you scan assets distributed across multiple sites. Install AssetExplorer in your remote sites where you want to scan assets. When scanning is complete, you will be able to export the data from the remote AssetExplorer server in the site and import it in your central AssetExplorer Server.

Issues fixed in Service Pack 4012:

  • Attachments not being displayed in old contracts.
  • Problem in scanning workstations which has two entries for the same software in the registry.

Features added in Service Pack 4011:

  • Stand alone workstation audit i.e., provision to scan workstations not in network, copy the inventory data and import it in to AssetExplorer server.
  • Scan for printer configuration details from workstations.
  • Scan for software installation date.
  • Provision to add new software type and software category.

Issues fixed in Service Pack 4011:

  • License keys not fetched from Microsoft Office 2007.
  • Oracle client installation not being scanned.
  • No able to delete a domain.
  • Not able to stop scanning from the Windows domain scan popup window.
  • Physical memory conversion issues in reports.
  • Manually modified servicetag getting changed in subsequent scan.

Features added in Service Pack 4010:

  • Asset Lease Expiry Notification.
  • Workstation-Server classfication.

Issues fixed in Service Pack 4010:

  • Workstation state automatically changing to “In Store” state.
  • Exceptions when scanning a workstation through WMI Scan Script.
  • Memory shortage problem during importing users from Active Directory.

Features added in Service Pack 4009:

  • WMI Logon Scripts to push the Hardware and software inventory into AssetExplorer Server.
  • Provision to attach Documents to all Assets.

Issues fixed in Service Pack 4009:

  • Problem while deleting Domains.
  • Workstation Audit History Problem in large DHCP enabled networks.
  • Workstations inventory not getting updated on successful re-scans.

Features added in Service Pack 4008:

  • Support for fetching inventory details of Printers, Routers and Switches.
  • Support for modifying the Product and Product Type of any asset.

Features added in Service Pack 4005:

  • Scan for Windows service packs and hotfixes.
  • Scan for software in Linux workstations.
  • Support for resource and workstation addtional fields in reports.
  • Enhanced import workstations from CSV file.

Issues fixed in Service Pack 4005:

  • Unable to allocate more than 10 software licenses from a particular software page.

Features included in Service Pack 4004:

  • Scan range of IP address in Network Scan.
  • Support for scanning Mac workstations.
  • SSH support for scanning Linux and Mac workstations.
  • Provision to configure scan credentials for individual workstation.
  • Bulk modification of scan credentials from workstation list view.

Issues fixed in Build 4002:

  • Unable to schedule more than one report.
  • Unable to view assets associated with a Purchase order if the name of the asset is modified.
  • Organizational units not being listed when hierarchy in AD is modified.
  • If some users are deleted and import users from AD is performed, the deleted users are not getting added.
  • Option for bulk modification of state in Workstations and Assets list view.

Issues fixed in Build 4001:

  • Unable to start both AssetExplorer and ServiceDesk Plus as windows service in the same machine.

Need help ?

Want help with upgrading AssetExplorer to the latest version? Contact AssetExplorer Support

Related news

Red Hat Security Advisory 2024-0777-03

Red Hat Security Advisory 2024-0777-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, information leakage, and open redirection vulnerabilities.

Red Hat Security Advisory 2024-0776-03

Red Hat Security Advisory 2024-0776-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate

Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware

The North Korea-linked threat actor known as Lazarus Group has been observed exploiting a now-patched critical security flaw impacting Zoho ManageEngine ServiceDesk Plus to distribute a remote access trojan called such as QuiteRAT. Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S., cybersecurity company Cisco Talos said in a two-part analysis

Lazarus Group's infrastructure reuse leads to discovery of new malware

Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2023-0342: Ops Manager Server Changelog — MongoDB Ops Manager 6.0

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code

The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types," Symantec said in a

RHSA-2023:3299: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-7692: PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An...

RHSA-2023:3198: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26291: A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that r...

RHSA-2023:1866: Red Hat Security Advisory: OpenShift Container Platform 4.10.58 security update

Red Hat OpenShift Container Platform release 4.10.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42889: A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Common...

Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems

An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 to mid-2022. "This Mint Sandstorm subgroup is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing N-day vulnerabilities, and has demonstrated agility in its operational focus, which appears to align

CVE-2022-37306: OX App Suite Cross Site Scripting

OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.

Red Hat Security Advisory 2023-1655-01

Red Hat Security Advisory 2023-1655-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. Issues addressed include bypass, cross site scripting, information leakage, insecure permissions, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2023-1525-01

Red Hat Security Advisory 2023-1525-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.59.

RHSA-2023:1524: Red Hat Security Advisory: OpenShift Container Platform 4.9.59 security update

Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42889: A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vu...

Red Hat Security Advisory 2023-1006-01

Red Hat Security Advisory 2023-1006-01 - This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, information leakage, memory leak, and remote SQL injection vulnerabilities.

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 (CVSS score: 9.8), the remote code execution flaw allows a complete takeover of the susceptible systems by unauthenticated attackers. As many as 24 different products, including Access

Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the Endpoint Central SAML endpoint. Note that the target is only vulnerable if it is configured with SAML-based SSO, and the service should be active.

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine AdSelfService Plus versions 6210 and below. Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the ADSelfService Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status.

Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the ServiceDesk Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status.

RHSA-2023:0261: Red Hat Security Advisory: Satellite 6.12.1 Async Security Update

Updated Satellite 6.12 packages that fixes critical security bugs and several regular bugs are now available for Red Hat Satellite.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32224: activerecord: Possible RCE escalation bug with Serialized Columns in Active Record * CVE-2022-42889: apache-commons-text: variable interpolation RCE

Unpatched Zoho MangeEngine Products Under Active Cyberattack

The latest critical bug is exploitable in dozens of ManageEngine products and exposes systems to catastrophic risks, researchers warn.

Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It's Too Late!

Users of Zoho ManageEngine are being urged to patch their instances against a critical security vulnerability ahead of the release of a proof-of-concept (PoC) exploit code. The issue in question is CVE-2022-47966, an unauthenticated remote code execution vulnerability affecting several products due to the use of an outdated third-party dependency, Apache Santuario. "This vulnerability allows an

Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability

Categories: Exploits and vulnerabilities Categories: News Tags: Zoho Tags: ManageEngine Tags: PoC Tags: RCE Tags: CVE-2022-47966 Tags: CVE-2022-35405 Tags: SAML Tags: Apache Santuario Proof of Concept code is about to be released for a vulnerability in many ManageEngine products which could enable RCE with SYSTEM privileges. (Read more...) The post Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability appeared first on Malwarebytes Labs.

Gentoo Linux Security Advisory 202301-05

Gentoo Linux Security Advisory 202301-5 - A vulnerability has been discovered in Apache Commons Text which could result in arbitrary code execution. Versions less than 1.10.0 are affected.

RHSA-2022:8902: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.18.3 release and security update

A minor version update (from 3.14.5 to 3.18.3) is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25897: sdk-server: Denial of Service * CVE-2022-31684: reactor-netty-http: Log request headers in some cases of invalid HTTP requests * CVE-2022-42889: apache-commons-text: variable interpolation RCE

Red Hat Security Advisory 2022-8876-01

Red Hat Security Advisory 2022-8876-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a denial of service vulnerability.

RHSA-2022:8876: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.2 release and security update

Red Hat AMQ Broker 7.10.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25857: snakeyaml: Denial of Service due to missing nested depth limitation for collections * CVE-2022-38749: snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode * CVE-2022-38750: snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject * CVE-2022-38751: snakeyaml: Uncaugh...

Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability

The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.

Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to

GHSA-599f-7c49-w659: Arbitrary code execution in Apache Commons Text

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators ...

CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolator...

CVE-2022-35403: ManageEngine security advisory

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)

CVE-2022-26869: DSA-2022-014: Dell EMC PowerStore Family Security Update for Multiple Vulnerabilities

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.

CVE-2020-25695: PostgreSQL: Security Information

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-25695: PostgreSQL: Security Information

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2019-12537: ManageEngine AssetExplorer Read Me

An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907