Version 4.3.1.2 Release Notes

This release fixes the following issues.

Resolved Issues

Work Order Description
NSWA-1303 Fixed an issue in which reports were vulnerable to remote command injections by using the “token” parameter as described in CVE-2017-6184. This issue was reported by Russell Sanford at Critical Start.
NSWA-1304 Fixed an issue in which reports were vulnerable to remote command injections through functions as described in CVE-2017-6182. This issue was reported by Russell Sanford at Critical Start.
NSWA-1305 Fixed an issue in which reports were vulnerable to remote command injections using parameters.
NSWA-1310 Fixed an issue in which users were able to log in using fixed session IDs as described in CVE-2017-6412. This issue was reported by Kapil Khot at Qualys.
NSWA-1314 Fixed an issue in which the Active Directory configuration was vulnerable to remote command injections as described in CVE-2017-6183. This issue was reported by Russell Sanford at Critical Start.