[Elluciansupport] [Ellucian Cloud status] Scheduled : Ellucian CRM Recruit Security Alert & Maintenance

eoc at ellucian.com eoc at ellucian.com
Wed Aug 23 10:50:20 CDT 2017 

Ellucian CRM Recruit Security Alert & Maintenance : Scheduled

Scheduled Start: Aug 23, 2017, 17:00 EDT
Scheduled End: Aug 24, 2017, 18:00 EDT

Ellucian Security Alert - CRM Recruit 
Security Update for Recruit Cloud Environments
Scheduled for August 23 & 24, 2017

NOTICE: This notice is to inform you about planned maintenance to the Ellucian CRM Recruit TEST environment to address the following security alert posted to eCommunities yesterday 8/22.

+++++++++++ Ellucian Security Alert 20170822 ++++++++++++++++++++++++++++++++++++++
CRM Recruit – WFE Authentication with PrintApplication.aspx
Published: 08/17/2022

General Information:  CR-000150134 – The CRM Recruit PrintApplication.aspx page does not require authentication, potentially exposing personally identifiable information if the obfuscated URL is shared with others

Impact: If a prospective student posts their unique Application Print URL online other users will be able to access data displayed on this page.   

Affected Ellucian Software: Ellucian CRM Recruit (all versions)

Resolution: Replace the PrintApplication.aspx page with the updated PrintApplication.aspx which forces authentication. 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 
DESCRIPTION OF PLANNED WORK:
The cloud team will replace the affected .aspx page with an updated page which forces authentication. When replaced the page will load immediately and fix the identified vulnerability.

WINDOW:  
TEST will be updated starting today, Wednesday August 23rd starting at 5PM eastern - ending by 6 PM
PROD will be updated starting tomorrow, Thursday August 24th starting at 5 PM eastern - ending by 6 PM

IMPACTS:
There is no downtime or interruption to service expected for this change to take effect in either TEST or PROD.

ACTION REQUIRED:
There is no action required by Customers. This announcement is for informational purposes only.

Feel free to reach out to your Customer Success Manager with any questions.
 
Your Ellucian Cloud Services and Customer Success Teams



      --
      Incident Status: http://stspg.io/3cc0cb80e
Ellucian Cloud Status: http://status.elluciancloud.com
To manage your subscription: http://status.elluciancloud.com/manage/cjxmbmn6l2nf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://newlist.semo.edu/pipermail/elluciansupport/attachments/20170823/7391735b/attachment.html

More information about the EllucianSupport mailing list