============================================================================= Run Date: MAY 27, 2020 Designation: WEBB*2*15 Package : WEBB - BED MANAGEMENT SOLUTION Priority: EMERGENCY Version : 2 SEQ #13 Status: Released Compliance Date: JUN 26, 2020 ============================================================================= Subject: COVID-19 PATCH - AUTO-ICON LIBRARY UPDATE; AITC WASA CODE FIX Category: - Informational Description: ============ Bed Management Solution (BMS) Emergency Patch WEBB*2*15 resolves the following COVID-19 related defects: 1. Facility Auto-Icon Library Update Issue 2. Austin Information Technology Center (AITC) Web Application Security Assessment (WASA) Code Remediation Patch Components: ----------------- N/A Files & Fields Associated: File Name (Number) Field Name (Number) New/Modified/Deleted ------------------ ------------------- -------------------- N/A Forms Associated: Form Name File # New/Modified/Deleted --------- ------ -------------------- N/A Mail Groups Associated: Mail Group Name New/Modified/Deleted --------------- -------------------- N/A Options Associated: Option Name Type New/Modified/Deleted ----------- ---- -------------------- N/A Protocols Associated: Protocol Name New/Modified/Deleted ------------- -------------------- N/A Security Keys Associated: Security Key Name ----------------- N/A Templates Associated: Template Name Type File Name (Number) New/Modified/Deleted ------------- ---- ------------------ -------------------- N/A Remote Procedures Associated: Remote Procedure Name New/Modified/Deleted --------------------- -------------------- N/A Parameter Definitions Associated: Parameter Name New/Modified/Deleted -------------- -------------------- N/A Additional Information: ----------------------- N/A New Service Requests (NSRs): ---------------------------- N/A Patient Safety Issues (PSIs): ----------------------------- N/A Defect Tracking System Ticket(s) & Overview: -------------------------------------------- 1. INC10149182 - Auto-Icon Active Checkbox Not Sticking Duplicate: INC10693241 - Auto-Icon Active Checkbox Not Sticking Problem: -------- If a site attempts to update their Icon Configuration, it causes duplicate records in the database; then if another site updates their Icon Configuration, the previous site's changes are reverted to a state before the update. Resolution: ---------- Updated the code to no longer overwrite the primary key "ID" field on the IconAssociation Object preventing duplicate records and allowing the Facility to retain their Icon Configuration records after other sites update their Icon Configuration. 2. Rational Defect #1261406 - AITC WASA Code Remediation Problem: ------- During the WASA April 2020 scan, it was discovered that the BMS application shows Detailed Error Messages that can show sensitive database scheme information and source code structure. This vulnerability requires an edit to be made to the code so that it will not display database and source code information. Resolution: ---------- Code has been commented out in the BMS Exception View that displays detailed error messages. Additionally, the error message has been replaced with a generic user-friendly message. Test Sites: ---------- Milwaukee VAMC Hudson Valley HCS Software and Documentation Retrieval Instructions: ---------------------------------------------------- N/A Patch Installation: ------------------- Austin Information Technology Center (AITC) performs patch installation on a centralized web server. Pre/Post Installation Overview: ------------------------------- N/A Pre-Installation Instructions: ------------------------------ N/A Installation Instructions: -------------------------- The BMS application is a centrally managed web-based application hosted at AITC. WEBB*2*15 will be loaded into BMS Production account by AITC staff. No software will be installed at the facilities. Post-Installation Instructions: ------------------------------- N/A Back-Out Plan: -------------------- A back-out plan will be sent to AITC and attached to the installation change order (CO) in a separate document. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : MAY 05, 2020 Completed By: Date Completed: MAY 22, 2020 Released By : Date Released : MAY 27, 2020 ============================================================================= Packman Mail Message: ===================== No routines included