Improper Handling of Characters in Process Name

This document explains the vulnerability in one of the System Manager tools, reported by Magdalena.

What was the problem?

  1. Improper sanitization of characters in the process name shown by the System Manager tool could allow an XSS attack.
  2. Processes with long names were not handled properly, so an error could occur while listing the processes.

How was the problem solved?

  1. The process name is now encoded when it is displayed, so an XSS attack is not possible through the process name.
  2. The length of the process name is configured properly now.
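
The two fixes described above (encoding the process name on display and bounding its length), shown as an added example that is not Remote Access Plus code. The function names, the 64-character display limit and the sample process list are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not the product's own code.
const MAX_NAME_LEN = 64; // assumed display limit, the advisory gives no figure

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and attribute values.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Bound the name by code points so a surrogate pair is never split.
function clampName(name, max = MAX_NAME_LEN) {
  const cps = Array.from(String(name));
  return cps.length <= max ? cps.join('') : cps.slice(0, max - 1).join('') + '\u2026';
}

// Before: the process name is concatenated into markup as-is.
function renderRowUnsafe(proc) {
  return '<tr><td>' + proc.pid + '</td><td>' + proc.name + '</td></tr>';
}

// After: clamp first, then encode. Truncating after encoding could cut
// an entity such as "&lt;" in half and leave broken markup.
function renderRowSafe(proc) {
  const pid = Number.parseInt(proc.pid, 10);
  const pidCell = Number.isInteger(pid) ? String(pid) : '';
  const nameCell = encodeHtml(clampName(proc.name));
  return `<tr><td>${pidCell}</td><td>${nameCell}</td></tr>`;
}

// Constructed sample input: an ordinary name, a name containing markup,
// and an over-long name.
const sampleProcesses = [
  { pid: 4120, name: 'svchost.exe' },
  { pid: 5532, name: '<img src=x onerror=alert(1)>.exe' },
  { pid: 6001, name: 'a'.repeat(300) + '.exe' },
];

function renderTable(procs, renderRow = renderRowSafe) {
  return '<table>' + procs.map(renderRow).join('') + '</table>';
}

console.log(renderTable(sampleProcesses));
```

Where the page is built with DOM calls instead of strings, assigning the clamped name to `textContent` gives the same encoding guarantee.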

How do I fix it?

The issue has been fixed in Remote Access Plus build 10.0.465, released on 27-Apr-2021. Visit the Remote Access Plus service packs page, download the latest PPM, and update.

Keywords: Security updates, vulnerabilities and fixes.

Note: This issue is not applicable to Remote Access Plus Cloud.