parallels | Stuff

Parallels Business Automation (PBA) version Build ID: 3.3.3-07.23 appears to introduce a number of PCI compliance issues which causes PCI compliance to fail. The issue was picked up by a PCI scan after upgrade PBAS from 3.3.3-06.48 to 3.3.3-07.23.

The release notes say the following bugs have been addressed, but, appear not to have been:

3225 (267935) PBAS PCI Compliance. Web Application Cross Site Scripting issue has been corrected in the default online store.
3634 Configure PBAS for the PCI Compleance.

Which, doesn’t seem to be the case.

Parallels Business Automation (PBA) forum bugs:

PBAS PCI compliance fail
Another PBAS PCI compliance fail

Although not detailed in the PBA release notes this is not the first time Parallels Business Automation/HSPC has been plagued by XSS issues.

Suggests fixes for the XSS issue can be found in this document:

http://kb.parallels.com/en/6228

But, it doesn’t detail a fix for the SVN entries PCI issue that is reported. Simply chmod’ing the directory fixes the PCI issue, but, may not be the best fix.

The latest version of Parallels Plesk Panel 9.2.2 is now available for download for Linux versions. This release is also available through auto-update.

This point release includes a just one update, an upgrade to the latest version of Parallels Anti-virus by Dr. Web. For a full list of new features and bug fixes, please refer to the release notes for the appropriate version:

Seems kind of pointless this release as it apparently just upgrades DrWeb. Shame they did not address one of the many bugs in the 9.2.x releases.

Tag: parallels

Parallels PBAS failing PCI tests

Parallels Plesk Panel 9.2.2 Available