top of page

Security Advisories

Title: "2021-12-16 I Apache Java Log4J (Unaffected)"

Description: The Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046) are critical security vulnerabilities in version 2 of the Apache Log4j library.

This vulnerability impacts many software products that use Java and Apache services; however, SureView software is built on a Microsoft technology stack and does not utilize any Java libraries or Apache services.

As a result, no action is required from customers regarding our products; however, we encourage you to check all other software products you use to ensure they are not at risk. If you have additional questions after reviewing this notice, please contact Tech Support.

Title: "2021-03-29 I ISSUE-20210329-1"

Components Affected: Quick Dispatch views plugin (Enterprise On-Premise)

Reported By: SureView

Impact: Low

Description: Data.V1ews.QuickDispatch plugin version 1.0.0.13 does not authenticate or check permissions on the command that gets Guard Notes.

Resolution: Update to Data.Views.QuickDispatch plugin version 1.0.0.19 released on 2021-03-30

Title: "2021-03-29 I ISSUE-20210329-2"

Components Affected: V2 Data Service (Enterprise On-Premise)

Reported By: SureView

Impact: Low

Description: Data.Core version 1.4.20063 does not authenticate or check permissions on the command that saves Camera Snapshots.

Resolution: Update to Data.Core version 1.4.21029 released on 2021-03-31

Title: "2021-03-29 I ISSUE-20210329-3"

Components Affected: Audit Service (Enterprise On-Premise)

Reported By: SureView

Impact: Medium

Description: The SVAud1t version 1.1.4.21 file upload action has a path traversal vulnerability allowing files to be uploaded outside of the filestore path.

Resolution: Update to SVAud1t version 1.1.4.32 released on 2021-04-07

Title: "2021-03-29 I ISSUE-20210329-4"

Components Affected: Vl Views Service [Legacy] (Enterprise On-Premise)

Reported By: SureView

Impact: Medium

Description: The legacy V1 Views service has a number of commands that do not authenticate or check permissions.

Resolution: Uninstall the legacy V1 Views service.

Title: "2021-03-29 I ISSUE-20210329-5"

Components Affected: V1 Data Service [Legacy] (Enterprise On-Premise)

Reported By: SureView

Impact: Medium

Description: The legacy V1 SVDataSvc version 1.28.15132.0 has a fixed service account which is unable to log in to the UI but can be used to change user reset answers - reported In related issue.

Resolution: Update to SVDataSvc version 1.28.21407.0 released on 2021-04-09

Title: "2021-03-29 I ISSUE-20210329-6"

Components Affected: Vl Data Service [Legacy] (Enterprise On-Premise)

Reported By: SureView

Impact: Medium

Description: The legacy V1 SVDataSvc version 1.28.15132.0 fixed service account reported in related issue is able to change user reset answers.

Resolution: Update to VSVDataSvc version 1.28.21407.0 released on 2021-04-09

bottom of page