ver 244 upd introduces a new RESTful API schema (v3) that deprecates the old SOAP endpoints.

Step 8 — Controller/firmware coordination

| CVE ID | Severity | Description | Mitigation in 244 upd | | :--- | :--- | :--- | :--- | | | Critical (9.8) | Default super-admin credentials stored in plain text in backup logs | Credentials are now encrypted via AES-256 in transport and at rest | | CVE-2023-4422 | High (7.5) | OS command injection via the HTTP API endpoint /api/v1/export | Input sanitization and required API key rotation every 30 days | | CVE-2023-4423 | Medium (4.3) | Information disclosure via verbose error messages | Generic error suppression and logging redirected to Windows Event Viewer |

: Define granular access privileges, such as specific door permissions for different cardholders (e.g., loaner cards that only work on a front door).

Access — Control Software Ver 244 Upd

ver 244 upd introduces a new RESTful API schema (v3) that deprecates the old SOAP endpoints.

Step 8 — Controller/firmware coordination access control software ver 244 upd

| CVE ID | Severity | Description | Mitigation in 244 upd | | :--- | :--- | :--- | :--- | | | Critical (9.8) | Default super-admin credentials stored in plain text in backup logs | Credentials are now encrypted via AES-256 in transport and at rest | | CVE-2023-4422 | High (7.5) | OS command injection via the HTTP API endpoint /api/v1/export | Input sanitization and required API key rotation every 30 days | | CVE-2023-4423 | Medium (4.3) | Information disclosure via verbose error messages | Generic error suppression and logging redirected to Windows Event Viewer | ver 244 upd introduces a new RESTful API

: Define granular access privileges, such as specific door permissions for different cardholders (e.g., loaner cards that only work on a front door). access control software ver 244 upd