| | Potential security vulnerability with Pervasive System Analyzer |
| Description | NOTES: - The PSA utility needs to be uninstalled from the server and all workstations.
- Sage users do not need to be logged out of Sage CRE300 to uninstall PSQL System Analyser
- The uninstall does not require a reboot of the server or wrokstation
To uninstall the PSA utility: - From the Control Panel, select Programs and Features (This may also be labeled as Add or Remove Programs, depending on the version of windows that is installed.)
- Locate Pervasive or Actian (PSQL server or client engine) and select Uninstall/Change
- When prompted, select Modify
- Locate PSQL System Analyzer and use the drop-down option to select the "this feature will not be available" option
- Select Next and then Install to uninstall the PSA feature
|
| Cause | The keyhelp.ocx file used by the PSA utility is flagged by security audits or analyzer utilities as a potentially vulnerable file. In versions 16.1 or earlier, the file can permit an unauthorized user to remotely execute code on the machine where the Sage 300 CRE / Sage Estiming (Pervasive) application is running. The vulnerability could be exploited if a user opens a specially crafted file from a third party with the ActiveX component enable on the Sage 300 CRE / Sage Estimating (Pervasive) machine. |
|