Blackbaud CRM, SQL Server Reporting Services Server, and PCI scan failure - Anybody experiencing similar issues
I posted this in the HE PAG community site and am also posting it here. If anybody has any similar experience or solutions, please let me know.
Our Nessus Vulnerability Scan is reporting that the SQL Server Reporting Services Server is missing HSTS (Strict-Transport-Security) in the HTTP Header.
This vulnerability is typically checked for HTTPS (Web) Servers. Although SSRS is not a full-fledged Web Server (no IIS installation), it is still using HTTPS traffic.
Microsoft provides the steps for HSTS configuration for the IIS web server but not for previous versions of SSRS. The latest SSRS, which is 2019, seems to have this configuration, but I believe the latest Blackbaud CRM cannot yet support SSRS 2019.
Plugin Name: HSTS Missing From HTTPS Server
Plugin #: 84502
Description: The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). The lack of HSTS allows downgrade attacks, SSL stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
