ACC Release Notes, Knowledge Base and Security Informations

Tone1
Tera Contributor

Hello,

 

are there any further informaitons to ACC Security Fixes? I cant find anything in the Security Knowledge Base, no CVEs or anything else,

 

I've just read stuff like:

 

"Remote Code Execution via Custom Certificate Injection"

 

https://docs.servicenow.com/bundle/store-release-notes/page/release-notes/store/it-operations-manage...

 

But absolutley no information about affected Versions, Operating Systems, Mitigation etc...

 

Am I the only one who is concerned about how major security issues get not communicated properly? In many cases the ACC has wide spread deployment in companies and the only "informaiton" i get is when i actively read the release notes of new versions.....

 

2 REPLIES 2

Mark Manders
Mega Patron

No, there aren't. ServiceNow is keeping this very internally and every time I have asked for information, I got a little, but for 'security reasons' they aren't sharing too much.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

How do you handle this? Are you updateing the ACC immediately on the clients all the time when a new Update is out? With this lack of information it's absolutley not possible to assess if i have to push our client team to update the ACC outside of normal maintenance schedules, or if i can wait for the next upcoming update window. With all the "security fixes" in the release  notes i probably have to push them every month, without even knowing if we are affected in the first place.

 

I think that's a horrible state we customers are in and pretty unprofessional from ServiceNow.