Web Tools Security Fixes

Genesys has completed updates to web-facing applications in order to ensure the security and resiliency of our products that face the open internet. These are part of a program to ensure our products protect customers from the constantly evolving threats that develop around web technology.

Recommendations for protecting your Interaction Connect web server from cross frame scripting attacks and directory scans are described in the CIC Web Applications Installation and Configuration Guide. See the examples of web server configuration files for IIS, Nginx, and Apache servers.

To provide extra security for Interaction Web Portal, change the web.config file to prevent cross-frame scripting attacks, HTTP method overriding, and disable debugging. For more information, see Configure Security for Interaction Web Portal in the Interaction Marquee Installation and Configuration Guide.

Interaction Connect users are prevented from including the following types of executable files (exe, .sh, and .js) when creating Personal Responses or using Response Management in an email interaction. For more information, see Create Personal Responses in the Interaction Connect help.