[Degreeworks-l] DW Patch Available to Fix Vulnerability
Leask, Jane
jeleask at samford.edu
Thu Feb 10 15:37:42 CST 2011
Our IT people may have already applied this. It was released only yesterday (2/9/11).
If we haven't applied it yet, we need to. It is for DW 4.0.0 and higher, and we are on 4.0.6 in PROD and 4.0.7 in TEST.
The patch will have DW 4.0.8 in the title, but we don't have to be on 4.0.8 in order to apply it.
Here is the posting from Wayne Holt, SGHE, to the Commons>DegreeWorks:
Patches Now Available for DegreeWorks
by Wayne Holt SGHE<http://www.edu1world.org/blog/WayneHolt/site/profile/> on 02/09/2011 20:12 0 comments<http://www.edu1world.org/CommonsDW/38107#0> , 50 views
Patches are now available to address the potential security vulnerability in certain versions of DegreeWorks. We recommend that you install the appropriate patch as soon as possible. They are available for download from the Customer Support Center at https://connect.sungardhe.com<https://connect.sungardhe.com/>.
DegreeWorks releases 4.0.0 and above as well as release 7.7.2 D02 (released March 2008) are affected. Although exploiting this vulnerability would be difficult, if exploited, there is a possibility that unauthorized viewing of degree audit data could occur.
Information on this issue can be accessed in the FAQ # 1-IC93BX in the SunGard Higher Education Customer Support Center (https://connect.sungardhe.com<https://connect.sungardhe.com/>). We will continue to update the FAQ as needed.
If you have questions, please contact me at wayne.holt at sungardhe.com<mailto:wayne.holt at sungardhe.com>
Thank you, Wayne
Wayne Holt, DegreeWorks Product Owner
And here's the detail from the FAQ #1-IC93BX:
Patches are now available to address the potential security vulnerability in certain versions of DegreeWorks. We recommend that you install the appropriate patch as soon as possible. They are available for download from the Customer Support Center at https://connect.sungardhe.com (see details below).
DegreeWorks releases 4.0.0 and above as well as release 7.7.2 D02 (released March 2008) are affected. Although exploiting this vulnerability would be difficult, if exploited, there is a possibility that unauthorized viewing of degree audit data could occur.
The patches are located in the Software Downloads tab within the Documentation & Download Center. Select the DegreeWorks product and choose the appropriate patch based on your product version:
---Clients on versions 4.0.0 through 4.0.8: Select the "CRITICAL PATCH" folder listed under DW4.0.8; download patch # DW4.0.8.1-IBIPOW
---Clients on version 7.7.2 D02: Select the 7.7.2.D02 folder; download patch # 7.7.2.D02.P04.1-IBIPOW
Note: If you have already downloaded a copy of DW4.0.8 but not processed it, we recommend you download a fresh copy, which already has the
patch applied to it.
If you have questions, please contact Wayne Holt, wayne.holt at sungardhe.com or Robert (Mac) McKosky, mac.mckosky at sungardhe.com.
Thanks, Jane
Jane Leask
Assistant Registrar (Certifications, Publications, and Programming)
Office of Student Records
Samford University
800 Lakeshore Drive
Birmingham, AL 35229
(205) 726-2912
jeleask at samford.edu<mailto:jeleask at samford.edu>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://maillists.samford.edu/pipermail/degreeworks-l/attachments/20110210/4ac9a4b6/attachment.htm
More information about the Degreeworks-l
mailing list