HCL Software is pleased to announce an update to BigFix WebUI, MCM and Insights for Vulnerability Remediation!
The main features in this release are as follows:
WebUI Extensions!
BigFix is now introducing the ability to extend WebUI beyond what is delivered in the products for which you are currently entitled. These extensions will be accessible in the UI through the global navigation and used seamlessly together with the rest of the applications.
At this time, the development of WebUI extensions is limited to HCL in order to accelerate the customization of the interface to your needs outside of the published applications (contact your HCL representative for more information). In the future, we do plan to publish an official SDK to enable customers to create their own WebUI extensions!
Other enhancements:
- Take Action Dialog: you can now modify or override applicability relevance, success criteria and actionscript directly during the action deployment process
- Device view: it is now possible to delete endpoints
- Total number of active WebUI sessions is now logged at standard logging levels
- Patch and Patch Policies: Added RHEL 9 and Debian 11 support
- Patch Policies: Added autorefresh settings to sidebar
- Patch Policies: Data is now signed to prevent tampering and improved security
- IVR: New upgrade Fixlet to simplify upgrades from older versions of the IVR Service. Please see the IVR Fixlets and Tasks documentation for more details.
- IVR App: Document page now displays Impact information for Qualys
- IVR: Added new Fixlet to configure approvelist for IVR Report Download URLs
- Insights: TypeORM upgrade to 0.3.10
- Insights: Row Level Security (RLS) Enhancements
MCM /Mobile updates:
- MCM now supports MacOS Ventura (Version 13)
- MCM Security updates: PRB0101288 / PRB0109646 (CVE-2022-347616, CVE-2022-31129, CVE-2022-25887, CVE-2021-27782)
- Note that there were some important recent changes in the Plug-in Portal which improve device representation in the WebUI for Cloud and MCM endpoints referenced here: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0093657
The WebUI release addresses the following Security Vulnerabilities:
- CVE-2022-38655 (BigFix WebUI)
- CVE-2022-31129 (moment)
- CVE-2022-25887 (sanitize-html)
- CVE-2022-33987 (got)
- CVE-2021-41184, CVE-2021-41183, CVE-2021-41182, CVE-2022-31160 (jquery-ui)
- CVE-2021-32013, CVE-2021-32014, CVE-2021-32012 (js-xlsx)
- CVE-2022-25896 (passport)
- CVE-2022-39299 (passport-saml)
- CVE-2022-37616 (xmldom)
- WS-2022-0322 (d3-color)
This release addresses the following Defect Articles:
- KB0101193 - Four Eyes Authentication check issue
- KB0099159 - Custom Retrieved Properties from Actionsite cause Values to be missing from WebUI
- KB0093158 - Cannot create new dashboards in WebUI
- KB0100676 - Patch Policies- Don’t issue actions for deleted groups
- KB0100410 - Labeling of the stagger action option
- KB0098853 - Patch Policies doesn’t clean up PP_Schedule_ID client settings (resolved for Windows endpoints only)
- KB0094270 - Insights Deviceinventory report: inconsistency between the Total Devices and the device actually in Console
- KB0097967 - Insights ETLs fail
- KB0100642 - Insights: Customer is getting an error when running the Insight import.
- KB0101004 - IVR vulnerability list issue
- KB0099583 - IVR: WebUI not listing IVR vulnerabilities
- KB0099327 - Insights for Vulnerability Remediation v1.4 – Validation
- KB0100269 - IVR: Unexpected remediation status for superseded patches
- KB0101901 - IVR: Import failure
How to update
WebUI will update automatically by default, unless configured otherwise.
Please note that updates for BigFix Insights must be done manually via the Application Updates page on WebUI. For more information, please see https://help.hcltechsw.com/bigfix/10.0/webui/WebUI/Admin_Guide/c_manage_application_updates.html.
Published WebUI Site Versions
WebUI Site Name | Version |
---|---|
Application Administration | 27 |
Common | 75 |
Custom | 37 |
MDM | 13 |
Patch | 36 |
Patch Policies | 30 |
Profile Management | 20 |
Query | 30 |
Software Distribution | 41 |
WebUI API | 13 |
WebUI CMEP | 6 |
WebUI SCM | 4 |
WebUI Content App | 16 |
WebUI Data Sync | 21 |
WebUI Extensions | 1 |
WebUI Insights | 13 |
WebUI IVR | 3 |
WebUI Framework | 22 |
WebUI Permissions and Preferences | 15 |
WebUI Reports | 10 |
WebUI Take Action | 22 |
Mobile/MCM sites:
BESUEM 37
BESUEM Mobile 14
WebUI Documentation link:
https://help.hcltechsw.com/bigfix/10.0/webui/index.html
HCL BigFix - WebUI Team