Communications Word AddIn - Security Vulnerability...

Community
- Product Forum
  
  Get personalized help and advice from other SS&C Blue Prism users here.
- Digital Exchange
  
  Get community support for SS&C | Blue Prism® Digital Exchange assets and discuss the DX.
- SS&C Blue Prism Products
- Support Center
- Documentation
- First Steps
  
  Discover how to set up, deploy, maintain and support your SS&C | Blue Prism® Cloud or SS&C | Blue Prism® Enterprise solution.
- University Forum
  
  Upskill together with other SS&C Blue Prism learners. Share your learning objectives, get advice on courses and celebrate your latest certifications.
- Getting Started
  
  New to SS&C Blue Prism? Get advice on setup, deployment and organizational adoption.
- Blogs
  
  Your window to developer insights, customer stories, the latest company news, and more.
- Events
  
  Meet online or in person and discuss the world of intelligent automation.
- Product Ideas
  
  Submit and vote for your favorite ideas on how to improve SS&C Blue Prism products.
- Blueprints
  
  Intelligent automation use cases, shared by the teams who designed and deployed them.
- Product Research Program
  
  Help us meet your automation needs by participating in user research, beta trials and surveys.
- User Groups
  
  Find new friends and professional connections across the intelligent automation community.
- Welcome Space
  
  Find community news, activities, and tips here. You can also introduce yourself!
- Community FAQ
  
  Learn how to make the most of the SS&C Blue Prism Community.
- Community Suggestions
  
  Got an idea on how to improve the SS&C Blue Prism Community? Submit them, and vote on others, here.
- NHS Network
  
  A private area for NHS developers to network, collaborate and share best practices.
- Local Language
  
  Bienvenido! Salut! Witaj! Find intelligent automation professionals who speak your language here.
- Off-Topic Chat
  
  This space is for discussion about anything and everything – except intelligent automation!
- Local Government Network
  
  Discuss intelligent automation best practices and tactics for Local Government settings here.
- UK Higher Education Network
  
  Discuss intelligent automation best practices and tactics for Higher Education settings in the UK here.
- North America Healthcare Network
  
  Revolutionize the North American healthcare industry together with other intelligent automation professionals here. Please note: the content of this community is commercial in confidence, share with appropriate discretion.
- Meet the Team
- Meet the MVPs

Status:

No Customer Care of JIRA ticket has been opened.

The ask by Morgan Stanley is to have SS&C update Communications to use a 3^rd party certificate instead of the self-signed certificate.

The Morgan Stanley CISO team believes this is a security risk and should be remediated by SS&C with either a short-term solution if we can't provide a long-term solution this year. The short-term solution could be to rotate the certificate in the SS&C Hosted environment by November 2022.

Risk - Self-signed certificates introduce a risk of server impersonation attack.

Remediation - Vendor must ensure that the certificate used for authentication is not self-signed and is actually signed by a Trusted third party Certificate Authority.

Risk- Not rotating the certificates introduces the risk of certificate keys becoming “stale” and increases the likelihood that they will be compromised or increasing the period for which compromised credentials are valid.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

SS&C Blue Prism Community

Communications Word AddIn - Security Vulnerability: Certificate

Option to Search Process and Object in Studio & Se...

Form Design - Links on a Form

Communications Document Delivery - Ability to Dele...

Interact Form - Button Download

Alert when Bot connection lost