============================================================================= Run Date: SEP 16, 2025 Designation: PSO*7*794 Package : PSO - OUTPATIENT PHARMACY Priority: Mandatory Version : 7 SEQ #660 Status: Released Compliance Date: OCT 17, 2025 ============================================================================= Subject: INBOUND ERX (EPRESCRIBING) TECHNICAL UPDATE FOR TRM & FORTIFY COMPLIANCE Category: - Informational - Other Description: ============ The Inbound eRx (ePrescribing GUI) JAVA application is a component of the PRE IEP program that provides the capability to receive inbound eRx's from an external provider. The JAVA application provides a user interface that allows end users to manage and monitor eRx processing from external sources. Adaptive Maintenance: 1. JIRA Task: ERXCS-3597 - Updating libraries for TRM compliance 2. JIRA Task: ERXCS-3599 - Fortify Finding - System Information Leak: External 3. JIRA Task: ERXCS-3589 - Remediate IEP/eRx WASA Findings EHRM Impact Statement: ---------------------- This patch should have no EHRM impact, and can be installed at all sites, including EHRM converted sites. Patch Components: ----------------- Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File Number New/Modified/Deleted --------- ----------- -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A Patient Safety Issues (PSIs): N/A Defect Tracking System Ticket(s) & Overview: ============================================ N/A Adaptive Maintenance: --------------------- 1. JIRA Task: ERXCS-3597 - Updating libraries for TRM compliance Problem 1: ---------- Libraries within ERX are not in compliance with TRM and need to be updated. Resolution 1: ------------- Updated libraries to TRM compliant versions. 2. JIRA Task: ERXCS-3599 - Fortify Finding - System Information Leak: External Problem 2: ---------- The code leaks Exception information in the HTTP response. Resolution 2: ------------- Removed the Exception information from the HTTP response and redirected Exceptions to the log files only. 3. JIRA Task: ERXCS-3589 - Remediate IEP/eRx WASA Findings Problem 3: ---------- Information Disclosure - Web Application Displays Detailed Error Messages. Resolution 3: ------------- Added checks to the message id and inbound/outbound fields which could be manipulated in the browser to cause an error that would dump detailed error messages and SQL queries. The input is now checked and prevents these detailed error message dumps back to the users browser. Test Sites: ----------- VA Central Texas Healthcare System (Temple, TX) Miami VA Healthcare System (Miami, FL) Test Sites - SNOW Change Order#: -------------------------------- INC39935855- Centralized Servers - Austin Information Technology Center, Austin, TX Software and Documentation Retrieval Instructions: ------------------------------------------------- The PSO*7*794 documentation can be found on the VA Documentation Library (VDL) at: https://www.domain.ext/vdl. The PSO*7*794 documentation can also be obtained at: https://download.vista.domain.ext/index.html/SOFTWARE. Title File Name ------------------------------------------------------------------ Deployment, Installation, Back-Out, PSO_7_0_P794_DIBR.DOCX and Rollback Guide (DIBR) PSO_7_0_P794_DIBR.PDF Patch Installation: ------------------- Pre-Installation Instructions: ------------------------------ N/A Installation Instructions: ------------------------- Inbound eRx (ePrescribing GUI) is a Centralized Web application and JAVA component for this patch is being installed by AITC. No installation is required at Local sites. No downtime required during deployment. The Deployment, Installation, Back-Out and Rollback Guide (DIBR) for this patch contains detailed installation instructions on how to deploy this eRx Java application patch at the Central Application Server. Back-Out/Roll Back Plan: -------------- The backout plan is provided as part of the Deployment, Installation, Back-Out and Rollback Guide (DIBR) for this patch. Refer to section 4, Back-Out Procedure. Validation of Back-out Procedure: --------------------------------- Detailed information on the validation of back-out procedure is provided Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : MAY 27, 2025 Completed By: Date Completed: SEP 11, 2025 Released By : Date Released : SEP 16, 2025 ============================================================================= Packman Mail Message: ===================== No routines included