| S. No. |
Vulnerability Details |
Vulnerability Fix Details |
Released Build Version |
Released Date |
CVE |
| 1. |
Unused encrypted password stored in log files. |
Encrypted password is no longer logged |
10.1.2121.1 |
26 July 2021 |
- |
| 2. |
Permission issue to access folders for users |
Excessive privileges set to the folders have been revoked. |
10.1.2121.1 |
26 July 2021 |
- |
| 3. |
Few functions are using hard-coded credentials |
From now on, a new randomized password will be generated for performing those functions. |
10.1.2121.1 |
26 July 2021 |
CVE-2021-41827, CVE-2021-41828, CVE-2021-41829
|
| 4. |
Unauthorized password reset |
From now on, only admins can execute password-reset script. |
10.1.2132.3 |
21 Sep 2021 |
CVE-2021-42955 |
| 5. |
Improper File System Permission |
From now on, only admins can access the installation folder. |
10.1.2132.3 |
21 Sep 2021 |
CVE-2021-42954 |
| 6. |
Sensitive data stored in memory dump files |
From now on, sensitive data will not be stored in the memory dump files of the server tray icon. |
10.1.2132.4 |
28 Sep 2021 |
- |
| 7. |
Sensitive data stored in EXE dump files |
From now on, sensitive data will not be stored in the agent EXE dump files after Remote Command Prompt usage. |
10.1.2132.6 |
12 Oct 2021 |
- |
| 8. |
dcondemand.exe error when receiving inaccurate data |
The issue with dcondemand.exe while receiving inaccurate data from the server has been fixed. |
10.1.2132.6 |
12 Oct 2021 |
- |
| 9. |
Insecure TCP communication |
Agent-server communication security has been enhanced while performing on-demand tasks. |
10.1.2226.1 |
15 July 2022 |
- |
How do I fix it?
As mentioned above, these issues have been fixed and released in the respective Remote Access Plus builds. Please visit the Remote Access Plus service packs page, download the latest PPM, and update.
