Application Sends Sensitive Data Unencrypted via email
The finding impacts on the Web UI
Confidential data (such as electronic statements) is delivered to the user via an insecure channel such as email. This exposes potentially sensitive data in plaintext over local and intermediary networks. This tr...
MFA Integration of Admin access on all EPR environments
MFA Integration of Admin access on all EPR environments. Not sure what is the current understanding/implementation of MFA checkboxes provided in ARIS UMC
When you log in for first time or change your password, you will not
return to the ARIS Connect login page. There is neither a button nor a
redirect to the login page.
In Process Administration in the tab "Processes" there is no kind of Search or filter functionality. It would be good if it was possible to search for model names to be able to find workflow instances easily for a specific model.
LDAP batch – delete disabled users from the main user list
Whenever a user has been disabled in our Identity Management System, the LDAP batch correctly deletes the username from arisViewer group. However, the batch doesn’t delete it from the main user list (tab: user management > users). The behaviour...
Silent installation of ARIS Server with jdbc JRE11
When custoemr configure the ile "silent.properties", there is no information and no check that the jdbc driver may be only for JRE8 and not JRE11. The consequence of that is that the setup finiss but DASHBOARDING can not start. And there is no cle...
I would like to bring to your attention a limitation that we have found in the product. The issue we are facing is that when a user logs in via SSO and remains on the website for about an hour, the user is automatically redirected to the password ...