SICS Service Pack Documentation

Case Details

SICS REQUESTS

Cede
Accounting
[SICSR-10859] Reinstatements for single OCC do not work when scheduled  
Product Line: Cede
Component/s: Accounting Reinstatement Premium
Affects Version/s: SICS 4.7
Fix Version/s: SICS 4.9.2
Customer: Reale Mutua Assicurazioni

Problem:
Reinstatement order for single OCC run through scheduler does not produce any worksheets

Solution:
The order type should be supported by the scheduler

Workaround:
Run the order from the workstation.

Root Cause:
Original development - order was never supported by scheduler

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15006] Abend on REAC Calculation order after upgrade from SICS 4.7_SSP16 to SICS 4.8.5  
Product Line: Cede
Component/s: Accounting Prop Retro
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: Triglav Re

Problem:
Database patches that have been ported back to previous versions can be classified as not required when they are required. In this case they cannot be enabled and have to have their SQL independently run.

Solution:
Patches ported back to previous versions should still be required as per their original settings in the base version they were added, irrespective of being proted back to a previous version. In this case they can be disabled if already run and running again causes problems.

Workaround:
Not required patches that are required must be run independently via generated SQL.

Root Cause:
Porting of DB patches batch to previous versions.

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

Business
[SICSR-319] Retrocessionaire doesn’t inherit added instalments from OCC  
Product Line: Cede
Component/s: Business Premium/Limit Condition
Affects Version/s: SICS 4.4.1
Fix Version/s: SICS 4.9.2
Customer: Assicurazioni Generali S.p.A.
External Issue ID: GEN1094

Problem:
When creating a retrocessionaire after the user has added one premium instalment to the contract, the system does not copy this instalment also to the retrocessionaires.

Solution:
Ouwtard Cedent’s Contract:
When creating a retrocessionaire AFTER the user has added One Instalment to the OCC, the system should copy this premium instalment also to the retrocessionaire, (like it currently correctly does when the retrocessionaire exsisted BEFORE the user added One instalment).

Workaround:
1. On the OCC, in Instalment Schedule: select the Instalment concernd and select Remove One Installment from the pop up menu
2. When removed, select again Add One Installment. (Now this instalment is copied down to all retrocessionaires present.)

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-13265] Duplicated OCC in PAB’s NP Protection  
Product Line: Cede
Component/s: Business Protection Assignments
Affects Version/s: SICS 4.8
Fix Version/s: SICS 4.9.2
Customer: Assicurazioni Generali S.p.A.

Problem:
The system allows inwards business to be linked to the same Protection Program more than once, thus resulting in same OCCs being listed more than once.

Solution:
When attempting to link a section to a protection program, the system must verify that this link has not yet been already defined.
a) If it has, and all OCCs are linked the system should throw an error message - similar or same to BR0019, and no further linking should take place.
b) If links has been defined only to some of the OCCs within the selected PP section, only create the links to the new not linked OCCs.
c) Only if no links have been defined should the system add all the OCCs.

Workaround:
Remove the link to an OCC which is listed more than once if this has inadvertently been added.

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15478] Assistance reinsurance ceded premium calculation does not work  
Product Line: Cede
Component/s: Business Premium/Limit Condition
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2
Customer: Ocidental Seguros

Problem:
When calculating assistance cover premium, the system does not consider actual protection assignment percentage.

Solution:
When running Preliminary booking order and calculating Assistance Cover premium, the following rules apply in respect of calculation of Original Premium when Assistance Cover is activated: according to use case for SE-519:

Yearly premium:

Premium * Protection Assignment % * (Attachment period from - to)/365 * number of insured objects; where

Actual light premium amount booked is disregarded; and the Premium given in the current LookUpTable is used instead
Protection Assignment % is taken from the Proportional Protection Assignment on current Policy light section version
Attachment period from-to is taken from the current Policy light section version
Number of insured objects are taken from the current light policy section version
Flat premium:

Premium * Protection Assignment % * number of insured objects; where

Actual light premium amount booked is disregarded; and the Premium given in the current LookUpTable is used instead
Protection Assignment % is taken from the Proportional Protection Assignment on current Policy light section version
Number of insured objects are taken from the current light policy section version

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15856] Multi Business Auto PA order no longer cumulates correctly Life Light policies ‘Per IO’ (OCC Limit Basis Per Insurable Object)  
Product Line: Cede
Component/s: Business Protection Assignments
Affects Version/s: SICS 4.8.4
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Multi Business Auto Protection order no longer cumulates correctly Life Light policies that are protected by OCC with Limit Basis ‘Per IO’ (Per Insurable Object).
Error introduced in 4.8.4 .

Solution:
Fix so that MBPA correctly calculates previously applied from cumulating Life Light Policies.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15892] MBPO Abend Related to SC-32  
Product Line: Cede
Component/s: Business Protection Assignments
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2
Customer: DXC
External Issue ID: n/a

Problem:

Invalid thread access when running Multi Business Protection Order (MBPO) when the system parameter Mandatory Fields In Use is set and another window/view is open where there exists mandatory fields.

MBPO does not have any mandatory fields, but it is affected by another window/view that does.

Solution:

Check the calling thread type before checking the mandatory fields. If the calling thread is not the UI thread (i.e long running process such as the MBPO), exclude the mandatory fields check.

Workaround:

Run MBPO from Scheduler or do not have any open windows/views where there exists mandatory fields (i.e. Outward Cedent's Contract).

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15958] Multi Business Auto PA does not propose protection / abends in some situations for Policy Ceded  
Product Line: Cede
Component/s: Business Protection Assignments
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Multi Business Auto Protection order ‘All Business’ abends when Policy Ceded is included and other issues related to the same origin.

Solution:
Fix so that MBPA calculates proposals and removals for Policy Ceded as expected according to extract criteria and without abending.

Claim
[SICSR-15654] Walkback - Headline Loss - Create Event IBNR Record  
Product Line: Cede
Component/s: Claim Headline Loss
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: Renaissance Re
External Issue ID: SO-104

Problem:
When creating Event IBNR record will <blank> value - the system abends

Solution:
The system must accept a blank Event IBNR value, and read it as 0; not causing the system to abend

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

Reporting
[SICSR-14500] Missing in Universe in order to create retrocessioners quarterly statement  
Product Line: Cede
Component/s: Reporting - Accounting
Affects Version/s: SICS 4.8.2
Fix Version/s: SICS 4.9.2
Customer: Triglav Re

Problem:
To include OCC information when a report is created on ORP level.

Solution:
Implement new objects and joins to get relevant info from the OCC.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15047] The where clause is used on the object it means that the whole query will be limited to this, not only this object  
Product Line: Cede
Component/s: Reporting - Business
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3637

Problem:
On the object "last logged in" there is a where clause saying that only activity logged in should be extracted.
If the where clause is used on the object it means that the whole query will be limited to this, not only this object.
In this case it means that as soon as this is included in the query it will limit the result to only extract the users who at some time have logged in to the system. It will not be possible to view all users set up in SICS, which is kind of the point.

Solution:
This is the change that is needed to the reference universe.
The where clause needs to be taken out from the object and moved instead be defined on the join

Workaround:
Use separate Reports for all users excluding lastLoggedIn

Root Cause:

Extent of Impact:
Reference Universe reporting on users and using last logged in

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15703] Universe Structure Modifications to be done-Part 2  
Product Line: Cede
Component/s: Reporting
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Adjustments found that are needed in order to get a slightly better structure and abilities to create client reports.

Scheduling
[SICSR-15812] SICS Batch Server - Update vulnerable dependencies  
Product Line: Cede
Component/s: Scheduler
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

NAME DESCRIPTION CWE CVSS v2.0 SEVERITY CVSS v3.0 SEVERITY DEPENDENCY
CVE-2018-1000873 Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 MEDIUM HIGH jackson-databind-2.9.6.jar
CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. CWE-611 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. CWE-918 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19360 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19361 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19362 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar

Solution:

Update vulnerable dependencies

Server
[SICSR-15806] SICS API Server - Update vulnerable dependencies  
Product Line: Cede
Component/s: SICS Server
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

NAME DESCRIPTION CWE CVSS v2.0 SEVERITY CVSS v3.0 SEVERITY DEPENDENCY
CVE-2018-1000873 Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 MEDIUM HIGH jackson-databind-2.9.6.jar
CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. CWE-611 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. CWE-918 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19360 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19361 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19362 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar

Solution:

Update vulnerable dependencies

Miscellaneous
[SICSR-10515] Not possible to activate log activity on Premium Basis  
Product Line: Cede
Component/s: Log Functionality
Affects Version/s: SICS 4.7
Fix Version/s: SICS 4.9.2
Issue Links: is duplicated by SICSR-9984
Customer: Assicurazioni Generali S.p.A.

Problem:
Business Condition Log not activated for Informational Agreements.

Solution:
Business Condition Log enabled for Informational Agreements.
Specific additional fields NOT covered by this case.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15625] Import Technical Worksheet - the Output pattern field related to dates (Timestamp) not working correctly  
Product Line: Cede
Component/s: Automated Document Handling
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: Triglav Re
External Issue ID: TRSI-619

I am not able to import a spreadsheet using SICS Cede 4.8.5 at client site.
In the mapping, a Time Format block with output format 'yyyy-MM-dd 00:00:00' is connected to OP field 'Insured Period To'.
Error message is,
"Error setting value of 'root/Insured Period To' field to '2017-12-31 00:00:00'
java.lang.String cannot be cast to com.csc.sics.framework.lang.time.TimeStamp".

[SICSR-15723] SNS - BP 1.1 R2710 violation  
Product Line: Cede
Component/s: SICS Live Desktop
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

For every request to SICS Naming Service, there is a warning saying that SICS Naming Service is violating BP 1.1 R2710.

The violation is caused by the fact that almost all web methods / operations on the SNS API do not have a unique signature. Most operations are defined two times, one time with, and the other time without, the so-called 'callConfiguration' argument. The operation definitions without a 'callConfiguration' argument have been deprecated since SICS 4.5.2.

Solution:

Remove all the deprecated web methods / operations on SICS Naming Service API.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15729] SICS Search - Equal missing as logic in chained clause referenced by domain restriction filter  
Product Line: Cede
Component/s: SICS Search
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Abend in server initialization when equal filter is added to domain restriction:
com.csc.sics.search.lucene.ChainedClause.Logic.EQV is missing

HTTP 500 response when displaying search result in web browser from SICS Search Server when running Tomcat 8.5 on RedHat Linux with Java 8.
com.csc.sics.search.Messages override does not work anymore because java.util.ResourceBundle.getBundle(String) is caller sensitive, therefore messages.properties can no longer be found.

Indexing failed in SICS Search Folder Mode caused by unsupported operation on an unmodifiable list while recycling lucene documents.

Solution:

Implement equal logic in chained clause

fix com.csc.sics.search.Messages override

Use the correct method to remove all fields from a lucene document while it is recycled.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15777] SICS Naming Service - Update vulnerable dependencies  
Product Line: Cede
Component/s: SICS Live Desktop
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

NAME DESCRIPTION CWE CVSS v2.0 SEVERITY CVSS v3.0 SEVERITY DEPENDENCY
CVE-2015-6420 Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. CWE-502 HIGH   commons-collections-3.1.jar
CVE-2017-15708 In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version. CWE-74 HIGH CRITICAL commons-collections-3.1.jar
CVE-2018-1000632 dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. CWE-91 MEDIUM HIGH dom4j-1.6.1.jar
CVE-2018-10237 Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-502 MEDIUM MEDIUM guava-13.0.1.jar
CVE-2015-0254 Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. NVD-CWE-Other HIGH   standard.jar
CVE-2011-4969 Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. CWE-79 MEDIUM   jquery-1.6.1.min.js
CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. CWE-79 MEDIUM MEDIUM jquery-1.6.1.min.js
CVE-2015-9251 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 MEDIUM MEDIUM jquery-1.6.1.min.js
CVE-2016-0750 The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks. CWE-502 MEDIUM HIGH hibernate3.jar (shaded: org.hibernate:hibernate-infinispan:3.6.4.Final)
CVE-2017-15089 It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks. CWE-502 MEDIUM HIGH hibernate3.jar (shaded: org.hibernate:hibernate-infinispan:3.6.4.Final)
CVE-2017-2638 It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name. CWE-287 MEDIUM MEDIUM hibernate3.jar (shaded: org.hibernate:hibernate-infinispan:3.6.4.Final)

Solution:

Upgrade third party dependencies to the newest versions that will resolve the vulnerabilities listed above

NB! Metro version 2.4.3 from January 2019 has a transitive dependency with the following known vulnerability

NAME DESCRIPTION CWE CVSS v2.0 SEVERITY CVSS v3.0 SEVERITY DEPENDENCY
CVE-2014-0114 Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. CWE-20 HIGH   beanutils-1.6.1-20070314.jar

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15814] SICS Operational Reporting Server - Update vulnerable dependencies  
Product Line: Cede
Component/s: SICS Operational Reporting
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

NAME DESCRIPTION CWE CVSS v2.0 SEVERITY CVSS v3.0 SEVERITY DEPENDENCY
CVE-2017-17485 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-1000873 Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 MEDIUM HIGH jackson-databind-2.8.10.jar
CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. CWE-611 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. CWE-918 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-19360 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-19361 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-19362 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-5968 FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. CWE-502 MEDIUM HIGH jackson-databind-2.8.10.jar
CVE-2018-7489 FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-14040 In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. CWE-79 MEDIUM MEDIUM bootstrap.js
CVE-2018-14041 In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. CWE-79 MEDIUM MEDIUM bootstrap.js
CVE-2018-14042 In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. CWE-79 MEDIUM MEDIUM bootstrap.js
CVE-2019-8331 In Bootstrap before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. CWE-79 MEDIUM MEDIUM bootstrap.js

Solution:

Update vulnerable dependencies

[SICSR-15880] SICS Search Server - Update vulnerable dependencies  
Product Line: Cede
Component/s: SICS Search
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

NAME DESCRIPTION CWE CVSS v2.0 SEVERITY CVSS v3.0 SEVERITY DEPENDENCY
CVE-2018-1000632 dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. CWE-91 MEDIUM HIGH dom4j-1.6.1.jar
CVE-2017-17485 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-1000873 Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 MEDIUM HIGH jackson-databind-2.8.10.jar
CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. CWE-611 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. CWE-918 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-19360 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-19361 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-19362 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2018-5968 FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. CWE-502 MEDIUM HIGH jackson-databind-2.8.10.jar
CVE-2018-7489 FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. CWE-502 HIGH CRITICAL jackson-databind-2.8.10.jar
CVE-2015-9251 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79 MEDIUM MEDIUM jquery.min.js

Solution:

Update vulnerable dependencies

[SICSR-15934] Update Apache Solr to version 8.0.0  
Product Line: Cede
Component/s: SICS Operational Reporting
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Update Apache Solr to version 8.0.0

[SICSR-16039] ADH - Unable to import spreadsheet  
Product Line: Cede
Component/s: Automated Document Handling
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich

Problem:

Unable to import spreadsheet (XLS and XLSX) documents when:

  • There exists a row where all cells are empty (this sometimes works, sometimes not)
  • There exists a cell with reference(s) to an external spreadsheet

Solution:

  • Always handle rows where all cells are empty
  • Ignore reference(s) to external spreadsheets and use cached formula results in the main spreadsheet instead.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

SICS REQUESTS

Life
Accounting
[SICSR-15290] ‘Null’ Message when using ‘Generate Templete’  
Product Line: Life
Component/s: Accounting Technical Worksheet
Affects Version/s: SICS 4.8.6 SSP2
Fix Version/s: SICS 4.9.2
Customer: China Re

Problem:

When importing an input file that has no data there is an message showing 'Null'

Solution:
When importing an input file that has no data and only column headers the error message that is generated should be more descriptive. The text of the error message should read eg 'Unable to import the input file because it does not contain any data'

This message should appear when importing a file from the following options

1. Import Technical Worksheet from Spreadsheet
2. Import Technical Worksheet from Column Spreadsheet (P&C only)

3. Import Sub SOA File

4. Clicking on the option Retrieve when a cession batch file is imported

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15618] Inactivated WS creates ‘As Original’ Bookings on outward  
Product Line: Life
Component/s: Accounting Technical Worksheet
Affects Version/s: SICS 4.7 SSP7 ALL5
Fix Version/s: SICS 4.9.2
Customer: Allianz AG
External Issue ID: AS-80055

Problem:
Inactivated WS creates 'As Original' Bookings on outward

Solution:
Only bookings from a technical worksheets that have a status of Closed should be created as As Original bookings with origin Reac Preliminary on the OCC linked to the assumed business
Bookings from worksheets with any other status should not be transferred to the OCC

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15719] Can’t generate inward business AC  
Product Line: Life
Component/s: Accounting Cession/Retrocession (Life)
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-14095
Customer: DXC
Business
[SICSR-10727] Abend: DateMidnight cannot be cast  
Product Line: Life
Component/s: Business Document Production
Affects Version/s: SICS 4.5.2 SSP4 ALL1
Fix Version/s: SICS 4.9.2
Customer: DXC
External Issue ID: n/a

Problem:
View available tags abends in some situtations when you have time object together with repeat.

Solution:
Fix the coding error.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14962] Wrong share for previous effective period on amendment  
Product Line: Life
Component/s: Business
Affects Version/s: SICS 4.7
Fix Version/s: SICS 4.9.2
Customer: Swiss Life Zurich

Problem:
Wrong share for previous effective period of amendment
Solution:
When navigating through the effective periods on a business, the value in the field 'Amount Our Share' on the Limits Condition should be calculated and displayed based on the share of the amendment based on the effective period on which the user is currently on.

This will be similar to how the value is displayed when the user clicks on the respective amendment
Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15027] system abend when changing existing ‘Profit Comm type’  
Product Line: Life
Component/s: Business Conditions
Affects Version/s: SICS 4.8.6 SSP1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
System abend when changing existing 'Profit Comm type'

Solution:
The option 'Undefined' should not be made available for selection in profit commission type
Only the values available under reference data 00930 should be listed for selection

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15820] There is a crash on the deductions conditions when clicked on (try to access)  
Product Line: Life
Component/s: Business Conditions
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2 SICS 4.8.6 SSP6
Customer: Partner Re
External Issue ID: IN217360

Problem:
Abend when accessing the Deduction Condition on a Proportional STP on a Non Prop AB

Solution:
The Deduction Condition on a Proportional Single Treaty Protection on a non Proportional Business should not be inherited from the AB. The Deduction Condition should be as per the Deduction condition as available on any non Proportional Business
The Sliding Scale Commissions Tab should be available on the Proportional STP on a Non Proportional Business

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

Claim
[SICSR-15558] Abend when search NP claim & claim type is retrocession from find now option  
Product Line: Life
Component/s: Claim Find
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Abend when searching for Non Proportional Retrocession Claims

Solution:

It should be possible to find Non Proportional Retrocession Claims from the Find now window without abend.
It should also be possible to find the claims using any of the find criteria or from the quick claim option

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

Reporting
[SICSR-15702] Universe Structure Modifications to be done-Part 1  
Product Line: Life
Component/s: Reporting
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Adjustments found that are needed in order to get a slightly better structure and abilities to create client reports.

Miscellaneous
[SICSR-9424] avoid premium condition being enforced to follow limit child sections  
Product Line: Life
Component/s: Life Cession Handling
Affects Version/s: SICS 4.6.2 SLZ SSP1
Fix Version/s: SICS 4.9.2
Customer: Swiss Life Zurich
External Issue ID: Bug 33391

Problem:
Not possible to register NP premiums when NP Limits are missing on the section.

Solution:
Allow NP premiums to be recorded on a section even when NP limits are missing on the section.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-10724] Retrocession Process Order is not creating the correct Period To on SAR’s latest Transaction Period  
Product Line: Life
Component/s: Life Retrocession Handling
Affects Version/s: SICS 4.7
Fix Version/s: SICS 4.9.2
Customer: Swiss Life Zurich
External Issue ID: VSTS 50243

Problem:
Effective periods on the placement cessions do not follow the same effective periods as the parent retrocession cessions

Solution:
The effective period of all transactions on the placement cessions should always be the same as the effective period of all the transactions on the parent retrocession cession. This should be the case when the retrocession is of type standalone (manual or created through the order) or the strictly linked retrocession cession

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-12983] Not possible to delete a LUT which has been once linked to Other Deduction tab of a treaty and then removed  
Product Line: Life
Component/s: Lookup Tables
Affects Version/s: SICS 4.8
Fix Version/s: SICS 4.9.2
Issue Links: is duplicated by SICSR-14950
Customer: DXC

Problem:
Wrong relationship type and not possible to delete a LUT which has been once linked to Other Deduction tab of a treaty and then removed.

Solution:

When a Lookup Table is linked to the Other Deductions on the Deduction Condition, the business should be listed on the Relationships tab of the Lookup Table with the Relationship Type 'Deductions'
When the table is delinked from the Other Deduction either when the item is deleted or due to another table/ rate being defined for that item, the relationship between the table and the said business should be removed entirely
When the table is not linked to any business it should be possible to delete the table

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-13142] Standalone Retrocession - Generated termination transaction is not always showing correct period  
Product Line: Life
Component/s: Life Retrocession Handling
Affects Version/s: SICS 4.7
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-15221
Customer: DXC
[SICSR-13613] Treaty outline limit on the PT condition being mandatorily used by RPO as validation check  
Product Line: Life
Component/s: Life Retrocession Handling
Affects Version/s: SICS 4.8.3
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Treaty outline limit on the PT condition being mandatorily used by RPO as validation check
Solution:
When the RPO is run or when the retrocession is created manually (either as a manual standalone retrocession cession or as the manual retrocession process on an inward cession), only the Limits on the OCCs linked to the Protection Program should be validated and should be considered mandatory for processing the retrocessions

When the Limits are not entered on the Prop Treaty section of the OCC, the RPO and the manual retrocessions should be processed without any error message or abend

When the Limits are not defined on one or more OCCs on the PP, then the retrocession processing should be prevented with the existing validaion error message manually and when the RPO is run
Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-13666] Cession loader stress test for QHR - failure for 1.9 mllion upload  
Product Line: Life
Component/s: Life Cession Handling
Affects Version/s: SICS 4.8.3
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

We uploaded a batch of cession has 50,000+ records in DXC office successfully in 7 minutes.

But when we tried to upload another batch of 1.9 million records as the steps in attached docx, the batch stop in 3 minutes with failure but we couldn’t get any info in the batch job.

And the Admin desktop closed without any error message/walkback.

When reopen the admin desktop we see a failure in the Job history.

Cession loader Job Setup steps- error .docx

Please find the uploaded file:

Q:\Datafiles\Personal\Chelsea_OU\CESSION\2017Q3CLPC.zip

Solution:
Declination Reason:

(Delete as applicable one of above)

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-13865] Extra Mort/Morb can be calculate on manual cession but couldn’t validate on cession loader  
Product Line: Life
Component/s: Life Cession Handling
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: Qianhai Re

Problem:

Extra Premium and related ACIs are not validated as per the tolerance limits defined in the NC condition

Solution:

Manual Cessions:

All ACIs that are calculated/ created against Extra Premium and Extra Commission codes (both NB and Renewal) should be validated against the tolerance limits set on the NC conditions when applicable- This is similar to the validations done for Basic Premiums and Commissions

Cession Loader:
The validations done for Extra Premiums and Extra Commissions should follow the corrected manual online functionality. The cession loader should validate and list the cessions where the input ACIs are outside the tolerance limits set in the NC conditions

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14037] Not able to run a cession batch successfully after increase the length of UserDefined fields. It gives error 1438.  
Product Line: Life
Component/s: Life Cession Handling
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: National Re

Problem: 

 Cession loader does not accept the same number of digits/ characters on a UDF as per what is allowed manually

Solution:

The number of characters that are allowed on a the cession UDF for STRING fields as per the manual process should be accepted when the UDF is created through the cession loader. Increase the number of characters from 30 to 254

Declination Reason: 

 

Workaround:

 

Root Cause:

 

Extent of Impact:

 

Impact on Existing Data

 

Recovery Method for Existing Data Affected

[SICSR-14195] Accounts created after Last Accounting Year  
Product Line: Life
Component/s: Administration Condition
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Accounts created after Last Accounting Year

Solution:
When the user Calculate Accounts on the Administration Conditions, for a business with an Insured Period (IP) longer than 12 months, the system must check the IP end date and if it ends 31.12 in the same year as given in the Last Accounting Year for Calculation, then the system should calculate accounts up to and including this year only and NOT add another year to be calculated.
If the IP end date ends on a date different from 31.12, e.g. in 2017 and the user give 2017 as the Last Accounting Year, then the system shall do as today; calculate the accounts for another year to fill up 2017 plus calculate accounts also into next year.
Conclusion: make an exception when the IP end date is 31.12 for a year that is equal the Last Accounting Year for Calculation.
This works fine when the user enter the Last Accounting Year before the Calculate Accounts option is selected, but we also need to have this working correct when this is blank and the user enter the Last Accounting Year for Calculation later in the process.

Workaround:
Enter the Last Accounting Year prior to selecting the Calculate Accounts option. By doing this the Last Accounting Year for Calculation is automatically filled in and the system will calculate correct number of accounts.
If too many accounts have been calculated, it is also possible to delete the wrongly created accounts manually.

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14246] MTK export file of assumed business has “%LfMdtSchemaToPropPremiumConditionCashSurrenderRelationship,” line when there is no table attached to the Cash/Surrender value tab of its PM condition  
Product Line: Life
Component/s: Interface - Migration Extractor
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: National Re

Problem: 

MTK export file of assumed business has "%LfMdtSchemaToPropPremiumConditionCashSurrenderRelationship," line when there is no table attached to the Cash/Surrender value tab of its PM condition

Solution:
It should be possible to export a business via the CSV file utilities with the Lookup Table that is attached to the business condition without an error message
 Workaround:

 Root Cause:

 Extent of Impact:

 Impact on Existing Data

 Recovery Method for Existing Data Affected

[SICSR-14280] System crash When delete a business which has created a cession upload batch but not run yet  
Product Line: Life
Component/s:  
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: Qianhai Re

Problem:

System crash When delete a business which has created a cession upload batch but not run yet

Solution:
Prevent deletion of a business which is linked to a cession batch job with a validation message eg : 'The Insured Period has references to a cession batch. Deletion of the business is not possible' 

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14841] Incorrect Effective Periods on RP Cession Record following Full Recapture  
Product Line: Life
Component/s: Life Retrocession Handling
Affects Version/s: SICS 4.8.5 SSP1
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-15221
Customer: DXC
[SICSR-14850] Reinsurance transaction not processed when RPO effective date > Benefit Expiry Date  
Product Line: Life
Component/s: Life Retrocession Handling
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2
Customer: DXC
External Issue ID: WCER-982

Problem:

Reinsurance transaction not processed when RPO effective date > Benefit Expiry Date

Solution:

When the system parameter: Sum at Risk Standalone Individual Retrocessions Only is selected:

The retrocession processing order should only pick up all inward cession transactions that do not have the retroceded date set and have the transaction start date less than or equal to the effective date of the order to create new outward cessions or the respective transactions on existing outward cessions.

The benefit expiry date on the inward cession benefit should not be validated against the effective date of the order while processing the outward cessions.

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14873] TLAPSE via Batch Generates Changes to OCC SAIR before RPO run  
Product Line: Life
Component/s: Life Retrocession Handling
Affects Version/s: SICS 4.8.5 SSP1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

Reversals are automatically updated on the outward cession when they are created on the inward cession after a lapse transaction

Solution:
When a lapse transaction or any other termination transaction is created on the inward cession and it results in reversals on all existing transactions after the lapse automatic reversals on the linked outward transactions and the placements will be created. When the RPO is run, the lapse transactions will be created as the full recapture transaction on the outward cession and placemnts and the reversals that were created will get the retroceded date set

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14950] Not possible to delete a LUT which has been once linked to Other Deduction tab of a treaty and then removed  
Product Line: Life
Component/s: Lookup Tables
Affects Version/s: SICS 4.8
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-12983
Customer: DXC
[SICSR-15025] No SAIR created after running RPO in China market setting evn  
Product Line: Life
Component/s: Life Retrocession Handling
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

RPO does not create the SAIRs when the accumulation basis is per life, per MCOB

Solution:
The SR calculation rule on the OCC should not be applied to cessions where the ceded flag is not selected.
The result of the calculation rule whether it is selected on the OCC or not should always be considered as null when the ceded flag is not selected on the cession.
The sum to be retroceded should be calculated based on Per Life, Per Benefit or Per Life, Per MCOB depending on the system parameter selected

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15069] Abends running RPO on a PP that do not have any realised Treaty  
Product Line: Life
Component/s: Process Order
Affects Version/s: SICS 4.8.6 SSP1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Abends running RPO on a PP that do not have any realised Treaty

Solution:
Reword the validation error LCH079 as 'No Proportional Treaties defined/ attached/ fully realized'

When the PP that is being added to the RPO/ RPGO does not have all the OCCs as fully realized, then prevent adding that PP to the Retro Processing order or the Retrocession Processing Group Order with the message LCH079 'No Proportional Treaties defined/ attached/ fully realized'
This message should appear at the time of adding/ including the PP in the order

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15071] With ‘manual edit’ option in LUT, when using ‘Add Rows’, system does not allow input in the dimension column  
Product Line: Life
Component/s: Lookup Tables
Affects Version/s: SICS 4.8.6 SSP1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
With 'manual edit' option in LUT, when using 'Add Rows', system does not allow input in the dimension column

Solution:
When the Edit Rates Manually option is selected on a LUT, the option Add Rows should only be made available only for a Lookup Table where the Value Type is Percent and Monetary AND the table has been defined with more than one dimension i.e more than one column
Where the option Add Rows is enabled, the option Delete Rows should also be available on Right Click to enable the user to delete any duplicate rows that are entered.
The option Add Rows should be disabled when the Value Type is not Percent and Monetary or when there is only one dimension on a table with a value type Percent and Monetary

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15125] Some information not correct when LuT changed manually  
Product Line: Life
Component/s: Lookup Tables
Affects Version/s: SICS 4.8.6 SSP1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Some information not correct when LuT changed manually

Solution:
The Information Tab on the Lookup Table should reflect the information as per the version on which it is being viewed
When a table that has been imported is edited manually as a new revision, the Filename field should be displayed as 'None' and the Table Definition Method should be displayed as 'User Defined' for the revision

When there is a new revision on a User Defined table through import, then in Information tab on the new revision the Filename field should display the path of the imported file and the Table Definition Method should be displayed as Imported

The Find window should display the 'Source' field as per the Table Definition Method on the latest active version of the table

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15203] Abend when running the RPO when the SR condition is not defined on the OCC  
Product Line: Life
Component/s: Life Retrocession Handling
Affects Version/s: SICS 4.8.6 SSP1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

Abend when running the RPO when the SR condition is not defined on the OCC

Solution:

All Retrocession Basis:

When the SR condition has not been defined on one or more of the OCCs linked to the protection program on the retroprocessing order:

The SAIRs should not be created and the cessions should be listed under the Failed Assignments with the error message 'One or more OCCs are invalid because the Sum at Risk condition has not been registered '

When the SR condition on the OCC SoC is not defined and a manual assignment of the Protection Program is done on a manual cession or the QS OCC that is attached to the SoC of the business does not have the SR condition defined:

The retroprocessing should be stopped with an error message 'One or more OCCs are invalid because the Sum at Risk condition has not been registered '

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15221] Effective Period To dates of existing NB SAIR Benefit not consistent on the placement level  
Product Line: Life
Component/s: Life Retrocession Handling
Affects Version/s: SICS 4.8.6 SSP1
Fix Version/s: SICS 4.9.2
Issue Links: is duplicated by SICSR-13142
Customer: DXC

Problem:
Related to placements:
RPO wrongly sets the new To-date of a previous transaction that is an existing NB having an Expiry date.
This situation should be corrected to ensure consistency.

Solution:
Fix so that RPO correctly sets the new To-date of existing NB retrocession after renewal or amendment transaction also for placements.
The To-date of previous existing transaction should be set to as one day previous to the new transaction From-date equal to existing functionality for SAIR OCC level.

[SICSR-15339] RetroClaim Created Date is not appearing  
Product Line: Life
Component/s: Life Claims Handling
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Retrocession Claim Created Date is not appearing in Individual Claim and Placement Retrocession Claim

Solution:
The Retroclaim created date should be updated on the retrocessionaire placement claims from the retro claim and the inward claim when the retroclaim is created through the claim processing order.

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data:

Recovery Method for Existing Data Affected:

[SICSR-15492] Deduction ACIs not validated as per the calculated value  
Product Line: Life
Component/s: Life Cession Handling
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Deduction ACIs not validated as per the calculated value
Solution:

When any ACI is validated against the tolerance limits set on the NC condition, the validation should be done based on the ACI value input against the calculated value for the respective entry code and the error message should display the actual calculated value for that ACI item.

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15566] Non- Ceded Scenario System rejects Claim when there is a gap in Renewal - Claim Date lies within an active period  
Product Line: Life
Component/s: Life Claims Handling
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
System rejects Claim when there is a gap in Renewal - Claim Date lies within an active period

Solution:

It should not be possible to create cession benefits with a gap in the transactions and therefore claims will always need to be within an effective period

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15610] SICS allows loading of a premium table with duplicate values/entries in it.  
Product Line: Life
Component/s: Life Cession Handling
Affects Version/s: SICS 4.9.2
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

Incorrect rates imported/ applied when a table with duplicate entries is imported

Solution: 
When importing a table that have values that will result in duplicate entries for the column values, the error message MDT022 must appear and prevent the table from being created with duplicate values
This should happen when the table is imported the first time or duplicate rows are being created through the merge function.

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15623] Getting abend when Rate/Amount Heading 2 is empty for Quota share limit table  
Product Line: Life
Component/s: Lookup Tables
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem: 

Getting abend when Rate/Amount Heading 2 is empty or an empty txt file is imported

Solution: 

When importing an LUT of type txt, xls, xlsx or csv file and the input file is empty the error message File is Empty should appear and prevent the user from proceeding further without abend

When a table is imported and there is no value in the Rate/Amount Heading field the message SYN0002 The Rate Amount Heading field is required but has not been specified' should appear and prevent the user from proceeding further

Declination Reason:

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

SICS REQUESTS

P&C
Accounting
[SICSR-9509] Client Crash when “Relocate” Paired Claim Worksheet in the View Ledger Balances Pairing Screen  
Product Line: P&C
Component/s: Accounting Pairing
Affects Version/s: SICS 4.6 SSP14
Fix Version/s: SICS 4.9.2
Customer: China Re

Problem:
Client Crash when "Relocate" Paired Claim Worksheet in the View Ledger Balances Pairing Screen

Solution:
The system must be able to open the Claim Worksheet Properties for the selected balances in the ACTUAL balance pairing properties window, even if another pairing has been shown. Must be done in the same way as we can open the Worksheet Properties for a technical balance even if another pairing properties has been shown.

Workaround:
Close the pairing properties and reopen it to be able to navigate to the Claim Worksheet Properties again.

Root Cause:
Old Code

Extent of Impact:
Abend

Impact on Existing Data
None

Recovery Method for Existing Data Affected
N/A

[SICSR-11848] FC amount not set for worksheet booked through M&D P Order ( Treaty Inward )  
Product Line: P&C
Component/s: Accounting Orders
Affects Version/s: SICS 4.5.2 SSP19
Fix Version/s: SICS 4.9.2
Customer: Zep Re (PTA)

Problem:
FC amount not set for worksheet booked through Instalment Premium Order if worksheet status is changed from Authorized to Closed

Solution:
From Accounting Orders, not only Instalment Premium orders, when the user select the menu option Close Remaining Open Worksheets, make sure the system follow the regular closing processes in respect of calculating the Functional Currency amounts, also for worksheet with other statuses than Open, e.g. Authorized, in the same way as when current status of the worksheet is Open.

Workaround:
Either close the worksheet automatically when running the order or keep the worksheet in status Open before you select the option Close Remaining Open Worksheet from the View Worksheets window.

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-13659] Calculation Order generates balances with different worksheet prefix  
Product Line: P&C
Component/s: Accounting Orders
Affects Version/s: SICS 4.7 SSP17
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000599602

Problem:
Our user has reported that the retro processing with a retro Calculation Order has generated quite some number of booking records we do not expect,
mainly on deposit calculation and even on currencies (ITL, DEM etc.) which should no longer be used. Our investigation has identified that all these
unnecessary bookings are probably triggered by the fact that detail notes are taken into account for the evaluation of current reserve balance for the new
deposit retained calculation.
In additional we have detected some areas where we feel to experience some performance degradation.

Solution:
A)
Calculating/booking Deposit through Retrocession Calculation Order;
Override the Comment from the source details, except when the flag 'Comments Required' is selected on the Entry Code.
(This will avoid creating Deposit details when cumulated source details amounting to zero)

B)
The Worksheet id assigned to the bookings produced by the Retrocession Calculation Order must be with prefix defined in the system parameter Accounting/Worksheet/'Worksheet and Balance Identifier Series' for the Type of Worksheet/Balance 'Retrocession' (and not the default Worksheet Type e.g. 'TW')

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-13668] Reinstatement error  
Product Line: P&C
Component/s: Accounting Reinstatement Premium
Affects Version/s: SICS 4.8.3
Fix Version/s: SICS 4.9.2
Issue Links: is duplicated by SICSR-14490
Customer: Reale Mutua Assicurazioni

Problem:
Incorrect reinstatement premium calculated when reduction of claim reserve for one accounting classification, and the Reinstatement condition has selected Currency of Premium.

Solution:
When reducing claim reserve for an outward claim, the reinstatement premium must be correspondingly reduced. This must be also be the case when the reduction is split between two ACs, and one has an increase and the other a reduction.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14020] Auto Booking to Closed Period Causes Abend  
Product Line: P&C
Component/s: Accounting Orders
Affects Version/s: SICS 4.5.2 SSP22
Fix Version/s: SICS 4.9.2
Customer: Axis Group
External Issue ID: TFS52564

Problem:
Auto Booking to Closed Period Causes Abend

Solution:
When booking instalments, either Book Selected Instalments, Book and Close Selected Instalments or even from the Instalment Premium order, if there are no open booking periods because the Closing Booking Terms have been defined so, make sure the system still

1) open the worksheet when Book Selected Instalments is selected or the order runs with Open worksheet and

2) present message AC0119 when Book and Close Selected Instalments is selected or the order runs with Closed worksheet.

This is what the system does if the All Booking Periods Closed is selected for the Base Company (also found on the Closing Booking Terms window)

Workaround:
In case all booking periods should be closed for a base company I suggest you use the option "All Booking Periods Closed" instead of restricting the general open booking periods by closing all periods.

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14095] Incorrect LOB mapping possible for Accounting Classifications  
Product Line: P&C
Component/s: Accounting Classification
Affects Version/s: SICS 4.8.4
Fix Version/s: SICS 4.9.2 SICS 4.8.5 SSP3 SICS 4.8.5 SSP4
Issue Links: is duplicated by SICSR-15719
Customer: Swiss Re Zurich
External Issue ID: PRB000600920

Problem:
Incorrect LOB mapping possible for Accounting Classifications

Solution:
When Accounting Classification is created on a business, make sure the system check ALL reference data values that are part of the AC and make sure that the Parent/Child dependency for the values are valid, both those mandatory in the AC and those that are optional in the AC. It should not be possible to create an AC with a set of values that are not defined as Parent/Child in the reference data.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14185] System crash validating LP entry or when automatically booking LP on open worksheet  
Product Line: P&C
Component/s: Accounting Technical Worksheet
Affects Version/s: SICS 4.8.4
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000601196

Problem:
CreateDeductiblesConditionRequest - LossParticipationElement - the elements minLossRatio and lossParticipationRatio are not marked as minOccurs="1" and if lossParticipationRatio is not provided it is set on the condition as null (rather than 0) and causes abend when used in calculation

Solution:
CreateDeductiblesConditionRequest - LossParticipationElement - the elements minLossRatio and lossParticipationRatio should be marked as minOccurs="1" in the xsd

Workaround:
To set a 0 on all step entries which are returned with the below script

select b.IDENTIFIER, LCP.INSRD_PERIOD_START, e.*
from
SSS_ELEMENT e JOIN 
BUS_LOSS_PART lp on lp.FK_SSS = e.FK_SSS JOIN
BUS_LPLC lplc on lplc.FK_LOSS_PART = lp.OBJECT_ID  JOIN
COND_CONNECTOR cc on CC.FK_SHARED_OBJECT = lplc.OBJECT_ID AND CC.IS_OWNER = 'Y' JOIN
BUS_COND_CONTAINER bcc on bcc.OBJECT_ID = CC.FK_CONTAINER JOIN
SCOPE_OF_COVER s on s.OBJECT_ID = BCC.FK_SOC JOIN
LIFE_CYCLE_PHASE lcp on lcp.OBJECT_ID = S.FK_LIFECYCLEP JOIN
INSURED_PERIOD ip on ip.OBJECT_ID = LCP.FK_INS_PRD JOIN
BUSINESS B on b.OBJECT_ID = IP.FK_BUSINESS
WHERE e.RESULT_VALUE IS NULL;

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14312] SICS wrongly calculate accounting on ORP when booking Adjustment if Special Premium is selected  
Product Line: P&C
Component/s: Accounting Outward Premium Accounting
Affects Version/s: SICS 4.8.4
Fix Version/s: SICS 4.9.2
Customer: Assicurazioni Generali S.p.A.

Problem:
SICS wrongly calculate accounting on ORP when booking Adjustment if Special Premium is selected

Solution:
The calculation of adjustment premium on non prop treaty ORPs, should be the same independent if the Special Premium flag is ticked on the OCC or not and independent if the Premium Rate and M&D Premium is overridden on an ORP or not. The calculation must be done on the ORP level, i.e. so that the Premium Rate, Instalments booked and how it has been split by the AC % Split, and not on the OCC level, and the AC% Split must be taken from the OCC level.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14384] Abend clicking on open balance that has been split / grouped on worksheet - Not resolved  
Product Line: P&C
Component/s: Accounting Find
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3569

Problem:
Abend clicking on open balance that has been split / grouped on worksheet - Not resolved

Solution:
When the worksheet is opened for an open balance found on the BP ledger, and this balance is of any reason deleted, e.g. if an existing split option is removed so that the details in two or more balances are merged into one, for the deleted balance that is still present in the list, make sure all relevant menu options are disabled, e.g. More Balance Information, View Balance Details, Offset Balance, Business Properties, etc.

Workaround:
When the split / grouping is removed from the worksheet so that the balance list on the BP ledger display a "ghost" balance (a balance that is actually deleted from the database), just press Find Now to have the list refreshed.

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14504] User is navigated to open Remittance worksheet window but message displayed there as well Message for Open Edit window should display only once as it happens on other screens  
Product Line: P&C
Component/s: Accounting Remittance Worksheet
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3632

Problem:
Reverse and Replace Remittance for any remittance balances when having an open edit window already results in Message for Open Edit window being displayed twice (both current operation window and current edit window).

Solution:
On the business partner ledger, when you have an edit window open, and you select the option Reverse and Replace Remittance for any remittance balances the system presents message SICS0008, telling the user that "You are trying to open an edit window but there is already one opened", in this situation when the message SICS0008 appears, we must make sure this message appears only once.

Workaround:
OK the 2 open edit window problems and decide what you are currently doing.

Root Cause:
You have an edit window open, and from BPL select the option Reverse and Replace Remittance for any remittance balances

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14655] System crash when booking on technical worksheet  
Product Line: P&C
Component/s: Accounting Technical Worksheet
Affects Version/s: SICS 4.7 SSP13 CHR2
Fix Version/s: SICS 4.9.2
Issue Links: is duplicated by SICSR-14960
Customer: China Re

Problem:
Abend creating accounting Classification via Accounting when Classify Reinsurance by Alternative Classifications is set.

Solution:
Classify Reinsurance by Alternative Classifications should have no effect on AC creation - the method for P&C is Type of Participation which should be available and not any alternative type.

Workaround:
Create / Generate AC from Business and do not edit and click the Method Update button on an AC.

Root Cause:
SICSE-979 - Classify Reinsurance by Alternative Classifications

Extent of Impact:
System Parameter - Business -> Classification -> Alternative Classification checked.

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14788] “Find in Accounting Classification” on Business Ledger Reserve Tab is wrong.  
Product Line: P&C
Component/s: Accounting Business Ledger
Affects Version/s: SICS 4.6 SSP17 TOA15
Fix Version/s: SICS 4.9.2 SICS 4.6 SSP17 TOA16
Customer: Toa Reinsurance Company Limited Japan
External Issue ID: IMPL-1941

Problem:
"Find in Accounting Classification" on Business Ledger Reserve Tab is wrong, i.e. the system displays the Accounting Classification with same name, but belonging to different Insured Period once per Insured Period.

Solution:
When the user selects Find in Accounting Classification (in the column heading) on any of the following tabs on the business ledger; Cash Claims, Premium Due Later, Deposits, Non-Liquid Deposits and Reserves, make sure the values with EQUAL names are shown only once.

Workaround:
Just select one of the equal names and the result will be correct.

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14827] Accounting Period From To based on Due Date not updated automatically  
Product Line: P&C
Component/s: Accounting Outward Premium Accounting
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2 SICS 4.8.6 SSP4
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3399

Problem:
The Accounting Period From - To is not updated on the instalments on a non prop treaty OCC when the Due Date is changed

Solution:
When the Due Date is updated on the OCC we must make sure the Accounting Period From - To is updated accordingly on the OCC, also on renewed Insured Periods, and that both the Due Date, Payment Date and the Accounting Period From - To is simultaneously updated on the inherited instalment conditions on the ORPs.

Workaround:
Manually update the Accounting Period From - To on the OCC and this will automatically be updated on the ORPs

Root Cause:

Extent of Impact:
Accounting Period based on Due Date with due date changed on renewed contract

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15164] Booked PTF Withdrawal amount presented slightly different on AC0770  
Product Line: P&C
Component/s: Accounting Technical Worksheet
Affects Version/s: SICS 4.8.5 SSP3
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000602972

Problem:
Booked PTF Withdrawal amount presented slightly different on AC0770

Solution:
When converting between currencies then avoid any loss of precision (due to rounding) as much as possible by only truncating amounts at the point of comparison and display.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15281] The Premium PTF Withdrawal does not compute correctly anymore for Percent of Premium  
Product Line: P&C
Component/s: Accounting general
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000603042

Problem:
When the Premium Portfolio Withdrawal Calculation Method is Percent of Premium then any Premium added to the same worksheet as a PPW booking is not considered.

Solution:
When the Premium Portfolio Withdrawal Calculation Method is Percent of Premium then basis entries (Premium) in the current worksheet for a Withdrawal booking can be considered for calculation as there is no entry (reserve) that requires adjustment / nullification (unlike the case for a Loss Portfolio Withdrawal with Percent of Reserve where basis bookings in the current worksheet cannot be considered).

Workaround:
Ignore the validation problem or book the Premium first and close the Worksheet and then the PPW.

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15295] Abend in closing claim worksheet.  
Product Line: P&C
Component/s: Accounting Reinstatement Premium
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2 SICS 4.8.6 SSP5
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3605

Problem:
Abend when closing claim worksheet from claim worksheet icon.

Solution:
When accessing and closing an already existing claim worksheet from claim worksheet icon at business main window; the system must find the actual claim-to-soc relation without an abend.

The text of AC0432
"Reinstatement condition is defined business (%1) and no reinstatement calculation has been performed for claim (%2). Do you want to continue?"
is confusing - What it actually is is 'Do you want to skip calculation?" as you continue whatever - Change the trailing text to "Do you want to skip calculation?"
The reinstatement is not calculated when answering in the affirmative and the message text should reflect that.

Workaround:
Close Claim worksheet from claim ledger to avoid abend.
Change the text of AC0432 from Do you want to continue? to Do you want to skip calculation?

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15318] System abend when transferring the technical worksheet from IAB to IGC  
Product Line: P&C
Component/s: Accounting Technical Worksheet
Affects Version/s: SICS 4.8.6 SSP2
Fix Version/s: SICS 4.9.2 SICS 4.8.5 SSP2 REN3
Issue Links: is duplicated by SICSR-15933
Customer: China Re

Problem:
The system gets abend when closing the technical worksheet on an IGC ORP when trying to book on the related IGC IAB with Entry Code Transformation term where no source EC is defined.

Solution:
When the system automatically creates a worksheet on an IGC IAB business, coming from an IGC ORP (can by any type - prop/non prop treaty or fac), and an Entry Code Transformation Term (ECTT) is found on the IGC IAB and the worksheet contains an Entry Code that is defined in the ECTT as source EC and there are no target EC for this rule in the ECTT, make sure that the whole detail is deleted on the worksheet on the IGC IAB.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15345] Walkback on PostBookingReview request  
Product Line: P&C
Component/s: Accounting general
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000603231

Problem:
Walkback on PBR request

Solution:
When running the web service for Post Booking Review (PBR), for a worksheet on a business where ALL PBR Exceptions have been selected, make sure the system is able to perform without abend, i.e. the response should be nil - worksheet should not be reported.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15430] Manual Worksheets on OCC ‘as Original’ are not shown on Worksheet Exclusion Window.  
Product Line: P&C
Component/s: Accounting Prop Retro
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2
Customer: SOMPO JAPAN INSURANCE INC.

Problem:
Manual Worksheets (made directly on the Outward Cedent's Contract) are not included in the Worksheet Exclusion accessed from the Retrocession Calculation Order

Solution:
Include Manual Worksheets (made directly on the Outward Cedent's Contract) in the Worksheet Exclusion accessed from the Retrocession Calculation Order

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15447] Type of Participation is not included in the Classification Items of Accounting Classification if there are more than one reporting units.  
Product Line: P&C
Component/s: Accounting Classification
Affects Version/s: SICS 4.6 SSP17 TOA15
Fix Version/s: SICS 4.9.2 SICS 4.6 SSP17 TOA16
Customer: Toa Reinsurance Company Limited Japan
External Issue ID: IMPL-1955

Problem:
Type of Participation is not included in the Classification Items of Accounting Classification if there are more than one reporting units.

Solution:
When you automatically Generate Accounting Classification on a business with more than one value of a RU Category, make sure the system also adds the Type of Participation on the AC for the second RU value.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15499] Bookings created from commutation order misses the link to headline loss  
Product Line: P&C
Component/s: Accounting Orders
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
The Commutation order fails to set the link to Headline Loss on the bookings

Solution:
The link to Headline should be set when relevant on the bookings

Workaround:

Root Cause:

Extent of Impact:
Headline Loss NonProp booked figures display incorrect figures after commutation

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15505] Non display of new estimation items @ ORP level  
Product Line: P&C
Component/s: Accounting Outward Premium Accounting
Affects Version/s: SICS 4.8.5 SSP2 REN1
Fix Version/s: SICS 4.9.2
Customer: Renaissance Re
External Issue ID: SO-66

Problem:
No display of new estimation items for ORP

Solution:
Create single estimation item for ORP same ways as done for OCC.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15530] Linking a Non Prop OCC to a Prop OCC to which it inures - retrocession of only informational codes  
Product Line: P&C
Component/s: Accounting Non-Prop Recovery
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
When retroceding informational codes, retention, through top etc. should not consider any unplaced share when retroceding - it should be the full amount

Solution:
When system parameters: Proportional Protection Assignment on Non-Prop OCC in use and Retrocede Informational Entry Codes from Non Prop OCC are both selected, and a Non Proportional OCC is protected by a proportional OCC all Informational bookings created for Non Prop OCC Claims will be retroceded to Proportional OCC As Original ledger. The informational bookings (f.ex. Paid Retention, Retention Reserve, Paid in Aggregate Deductible, Paid Reinstatement Exhausted, Paid Through Top etc.) is retroceded with the same sign and the same amount as booked at OCC Claims at Non Prop OCC As Booking.

Workaround:
None

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15537] EREAC/REAC Combo Order does not push estimates to IGC  
Product Line: P&C
Component/s: Accounting Orders
Affects Version/s: SICS 4.8.5 SSP2 REN1
Fix Version/s: SICS 4.9.2 SICS 4.8.5 SSP2 REN3
Customer: Renaissance Re
External Issue ID: SO-76

Problem:
EREAC/REAC Combo Order does not push estimates to IGC

Solution:
When Retrocession Calculation Order runs with the Include Estimates box selected on the order, and bookings both actual and estimates are booked on the As Booking ledger of the IGC ORP business, make sure the estimation bookings are copied over to the related IGC IAB in the same way as when the Retrocession Estimation Calculation order runs.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15544] Premium Reserve missing for the Estimates when running a Retrocession Calculation Order including Estimates  
Product Line: P&C
Component/s: Accounting Prop Retro
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Premium Reserve missing for the Estimates when running a Retrocession Calculation Order including Estimates

Solution:
The Estimates booking when produced by the Retrocession Calculation Order including Estimates must perform calculations in the same way as when a separate Retrocession Estimation Calculation Order is run.
The calculations must be run in sequence - starting with the Estimates and then the Actual bookings afterwards.

Workaround:
Run separate Retrocession Calculation order and Retrocession Estimation Calculation Order

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15571] FC amount is not set when I run UPR orders for businesses which have amendments.  
Product Line: P&C
Component/s: Accounting Orders
Affects Version/s: SICS 4.6 SSP17 TOA15
Fix Version/s: SICS 4.9.2 SICS 4.6 SSP17 TOA16
Customer: Toa Reinsurance Company Limited Japan
External Issue ID: IMPL-1957

Problem:
Functional Currency amount is not set when Unearned Premium Order is run for businesses with amendments.

Solution:
Make sure Functional Currency amounts is always populated

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15580] Allocation of AC on AB from IGC - Unable to Link & Unlink UW years  
Product Line: P&C
Component/s: Accounting Prop Retro
Affects Version/s: SICS 4.8.5 SSP2 REN1
Fix Version/s: SICS 4.9.2
Customer: Renaissance Re
External Issue ID: SO-50

Problem:
Unable to Unlink UW years if bookings exist on at least one of the involved businesses in the IGC

Solution:
When the intra group link is removed between an ORP and an IGC IAB with the option Unlink Inward Intra Group Contract is selected on the Life Cycle tab on the ORP, the system will check if there are bookings on at least one of the involved businesses and if it is the error message BR0119 appears. The BR0119 message should be changed to a CONFIRM message so that the user is made aware that bookings exist but with an option to continue unlinking the two businesses.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15584] Recovery order on OCC does not group original base company in correct balance according to the Separate Balance flag  
Product Line: P&C
Component/s: Accounting Non-Prop Recovery
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
System does not comply with separate balance flag when running recovery calculation order

Solution:
When having multiple base companies at a Non Prop OCC, and there is one main base company, and at least one base company with "separate balance" flag, the system must create one common balance for details coming from "main base company" which includes all other base companies without "separate balance" flag. If there is one (or more) base company with "separate balance" flag activated; there must be a separate balance for all details from that particular base company. When running recovery calculation order these rules must be applied; both for Recovery Calculation for single OCC and Protection Program.

Workaround:
None

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15824] As Account reversed reserve amount which is created by Partner Commutation Order is wrong.  
Product Line: P&C
Component/s: Accounting Orders
Affects Version/s: SICS 4.6 SSP17 TOA16
Fix Version/s: SICS 4.9.2
Customer: Toa Reinsurance Company Limited Japan
External Issue ID: IMPL-1962

Problem:
As Account reversed reserve amount which is created by Partner Commutation Order is wrong.

Solution:
Running Commutation Multi Business - Account Currency Order;
When system converts reserve figures from various Booking Currencies to one Account Currency, each currency must be converted to the Account Currency and shown as a total. Must not convert and book the total for all currencies for each of the currencies being converted.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15923] Bad performances generatic Accounting Classifications  
Product Line: P&C
Component/s: Accounting Classification
Affects Version/s: SICS 4.8.3
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-14095
Customer: Assicurazioni Generali S.p.A.
[SICSR-15933] Walkback in isNewDetailToBeAttachedToTheBalance()  
Product Line: P&C
Component/s: Accounting general
Affects Version/s: SICS 4.8.5 SSP2 REN1
Fix Version/s: SICS 4.9.2 SICS 4.8.5 SSP2 REN3
**Issue Links: ** duplicates SICSR-15318
Customer: Renaissance Re
External Issue ID: SO-149
Business
[SICSR-323] Instalment removed on ouward cedent’s contract does not remove instalement on retrocessionaire  
Product Line: P&C
Component/s: Business Premium/Limit Condition
Affects Version/s: SICS 4.4.1
Fix Version/s: SICS 4.9.2
Issue Links: is duplicated by SICSR-14672
Customer: Assicurazioni Generali S.p.A.
External Issue ID: GEN1095

Problem:
When having placed a contract to a retrocessionaire after the user has added One Instalment to the OCC, then adding one more instalment and then removing this again, the system does not remove the latter from the retrocessionaire. The error occurs only when the added instalment has no amount.

Solution:
Outward Cedent’s Contract:
When creating a retrocessionaire AFTER the user has added One premium Instalment to the OCC, and the adding one more instalment and then removing this again by Remove On Instamlent, the system should also remove this from the retrocessionaire, also when the instalment is without an amount.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data:

Recovery Method for Existing Data Affected

[SICSR-12417] classifications not always distributed to sub sections according to parent classifications  
Product Line: P&C
Component/s: Business Structure
Affects Version/s: SICS 4.7 SSP15
Fix Version/s: SICS 4.7 SSP22 SICS 4.9.2
Issue Links: is duplicated by SICSR-15878
Customer: Milli Re
External Issue ID: MILI-1331

Problem:
When creating sections per e.g. Main Class of Business, and a 'grandchild' Classification Type (e.g. Additional Classification 4) has more than one 'parent', the created sections do not receive the 'grand child' classifications that have more than one 'parent'.

Solution:
When creating sections per a Classification Type (e.g. Main Class of Business), and the 'grandchild' Classification Type (e.g. Additional Classification 4), has more than one parent (e.g. Class of Business), the classifications allocated from the parent section to the created sections should be the ones valid for the other classifications on the created sections.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-12929] Highlight Classifications Not Update on Time  
Product Line: P&C
Component/s: Business Structure
Affects Version/s: SICS 4.8
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-14095
Customer: China Re
[SICSR-13445] Error in calculation of Minimum Premium Our Share Per Curr  
Product Line: P&C
Component/s: Business Underwriters Estimates
Affects Version/s: SICS 4.8
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
When using variable %minimumPremiumAmountOurSharePerCurr in Underwriters Estimates calculation:
1. If no Minimum premium is entered in Premium and Limit conditions, an error is incorrectly given
2. When Minimum Premium is entered in Premium and Limit conditions, the variable incorrectly returns the 100% value instead of the value for our share.

Solution:
1. When no Minimum Premium is entered in Premium and Limit conditions, the variable should return 0 without giving any error
2. When Minimum Premium is entered in Premium and Limit conditions, the variable should return the value for Our Share entered in the currency equal to the estimate currency.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14000] Inconsistent behavior on Non-proportional facultative protection at section addition and removal  
Product Line: P&C
Component/s: Business Placements
Affects Version/s: SICS 4.8.4
Fix Version/s: SICS 4.9.2
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3499

Problem:

Adding a sub section to an assumed business adds the same sub section to an already established facultatitve protection even though the latter is non-proportional. 

Solution:

Adding a sub section to an assumed business should not add the same sub section to an already established Facultative Protections if the latter is non-proportional.

Workaround:
Delete any unwanted sub section from the Non-Prop FAC RP

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14358] Business require different user to complete registration - Not working correctly  
Product Line: P&C
Component/s: Business
Affects Version/s: SICS 4.8.4
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-15527
Customer: Zep Re (PTA)
External Issue ID: ZepRe/484/16
[SICSR-14672] Newly added installment is not removed from retrocessionaire participation  
Product Line: P&C
Component/s: Business Premium/Limit Condition
Affects Version/s: SICS 4.8.5 SSP1
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-323
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3548
[SICSR-15359] can not remove business from Merger Group after message  
Product Line: P&C
Component/s: Business Structure
Affects Version/s: SICS 4.6 SSP17 TOA15
Fix Version/s: SICS 4.9.2 SICS 4.6 SSP17 TOA16
Customer: Toa Reinsurance Company Limited Japan
External Issue ID: IMPL-1952

Problem:
It is not possible to remove a business from a merger group if having first asked to remove multiple businesses. 

Solution:

When having selected several member businesses in a merger group, then selected 'remove assignment' from the pop up menu and then having replied Yes to the question, the system should remove these businesses from the group.   

Workaround:

Do a full refresh and remove one business at the time form the group. 

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15527] Stopped from setting registration complete even if other user last updated contract  
Product Line: P&C
Component/s: Business Structure
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Issue Links: is duplicated by SICSR-14358
Customer: Zep Re (PTA)

Problem:

The system stops the user from setting the registration to complete on a contract even though another user was the last one to update the contract.  The error occurs only when the last user to update the contract entered something in a condition, e.g. clauses condition, for he first time.  If the last user to update something was updating an already existing condition, the system correctly considers this to be the last user to update the contract.  

Solution:

If a user is not the last one to update something on the contract, he/she should be allowed to set the contract to registration complete.  This should be the case also when the user who last updated the contract created a condition for the first time.  

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15546] abend deleting secondary currency if Premium Type Flat  
Product Line: P&C
Component/s: Business Conditions
Affects Version/s: SICS 4.8.3
Fix Version/s: SICS 4.9.2 SICS 4.7 SSP16 SIR4
Customer: Assicurazioni Generali S.p.A.

Problem:
The system abends if deleting secondary premium and limit currencies when premium type is flat.  The error occurs for some types of business. 

Solution:
The system should not abend when deleting secondary premium and limit currencies when premium type is Flat Premium, regardless of type of contract.

Workaround:

Root Cause:
--SICSR-6208-- Incoherent premiums when removing secondary currency in SICS 4.7 was coded explicitly for Facultative business

Extent of Impact:
Flat Premium on contract other than Proportional Facultative

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15763] net premium on sub section is incorrect after full refresh  
Product Line: P&C
Component/s: Business Premium/Limit Condition
Affects Version/s: SICS 4.8.6 SSP4
Fix Version/s: SICS 4.9.2
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3522

Problem: 
When adding a deduction on a contract, and there are existing premiums on the sub sections, the system recalculates the net premiums on the sub sections.  After full system refresh, they are set back to not recalculated again. 

Solution: 
The system should recalculate already existing Net Premiums on sub sections from added deduction on the parent section, also when the added deduction item is the first within its group. These recalculated net premiums should remain the same  also after full system refresh.  

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15808] amendment premium overridden by increase of minimum even though minimum still lower  
Product Line: P&C
Component/s: Business Premium/Limit Condition
Affects Version/s: SICS 4.8.6 SSP4
Fix Version/s: SICS 4.9.2 SICS 4.8.6 SSP5
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3660

Problem:

When having amended the Premium and Limit Condition Main Tab first and then linking this amendment also to the Deposit Premium tab, and here increasing the Minimum Premium, the system changes the Gross Premium of the Main tab.  It does this regardless of the Minimum Premium becoming larger than the existing Gross Premium or not.

Solution:

When changing the Minimum Premium, the system should only change the Gross Premium if the new Minimum Premium is larger than the existing Gross Premium.  In this case, it should set the Gross Premium to the same as the new Minimum.  It should behave the same way as it currently correctly does if doing the same change but having linked the Deposit Premium Tab to the amendment first.

Workaround:

-For an already wrong business:
Consider typing in the same amount in Gross Premium as in Minimum Premium for the last effective period

-For new amendments, amend the Deposit Premium Tab first, then amend the Main Tab

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15810] Incorrect exchange rate in calculation of Min and Dep premium in UW Estimates  
Product Line: P&C
Component/s: Business Underwriters Estimates
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Underwriter Estimates calculations using variables %minimumPremiumAmountOurShare or %depositPremiumAmountOurShare always uses a 1:1 exchange rate when converting from a different currency into estimate currency.

Solution:
Make sure minimum and deposit amounts entered in different currency than estimate currency is converted to estimate currency using the RoE defined in P/L Conditions

Workaround:
None

Root Cause:
SICSR-14694

Extent of Impact:
Incorrect calculation of Minimum and deposit premium in Underwriters estimates.

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15946] Abend when creating assumed business template  
Product Line: P&C
Component/s: Business Create New
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

When creating a new Assumed Business Template, the system abends.   

Solution:

When creating a new business with Level of Business:  Assumed Business Template and selecting Next or Finish, the system should proceed with the creation as normal.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

Claim
[SICSR-14149] Acct period entry from Claim booking  
Product Line: P&C
Component/s: Claim Worksheet
Affects Version/s: SICS 4.8.4
Fix Version/s: SICS 4.9.2
Customer: Renaissance Re

From Steinar Tangen:

When system parameter 'Accounting Information based on As of Date' is selected, the Accounting Period From and To dates are defaulted to the first and last day in the month of the As of Date. When accounts are defined in Administration conditions, there are other rules for the length of the period, depending on the account frequency.
I see that when the As of date is within the first month of the contract, and the Inception date is not the first day in the month, the Accounting Period From Date is still defaulted to the first day in the month. This is hardly intentional as is it not allowed in SICS to have an Accounting Period From Date prior to the inception date. In these cases, the Accounting Period From Date should instead be set to the Insured Period Start Date. So, it can probably be considered as a bug.

We could inactivate the above mentioned parameter, but I am not in favor of that. If we do the Accounting Period From - To dates would default to the insured period start and end dates, and I think the month of the as of date makes more sense.

I assume the problem will not occur very frequently, as it will only occur when the insured period start is not the first in the month, and a claim occurs, and is reported within the first month.

If you think it creates a problem, please raise a ticket with DXC and it would probably be accepted and changed as a bug.

We do feel that this creates a problem.

[SICSR-14464] When adding multiple claims to a Claim Worksheet before adding currency - section cannot be selected - error AC0093 No sections available  
Product Line: P&C
Component/s: Claim Worksheet
Affects Version/s: SICS 4.6 SSP17 TOA15
Fix Version/s: SICS 4.9.2 SICS 4.6 SSP17 TOA16
Customer: Toa Reinsurance Company Limited Japan
External Issue ID: IMPL-1932

Problem:
When adding multiple claims to a Claim Worksheet before adding currency - section cannot be selected; causing error AC0093 "No sections available".

Solution:
It must always be possible to select a section for booking in the claim worksheet booking row; even if there are more than one claim added to the claim worksheet before adding a currency.

Workaround:
Add a claim, a currency and a booking row and make a booking to an entry code before adding another Claim to the Claim worksheet.

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-14765] Abend when cancelling claim reference edit/create process after having defined an invalid reference due to changes not being rolled back properly  
Product Line: P&C
Component/s: Claims
Affects Version/s: SICS 4.8.5 SSP1
Fix Version/s: SICS 4.9.2
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3567
[SICSR-14960] System Crash when booking outstanding reserve on CW  
Product Line: P&C
Component/s: Claim Worksheet
Affects Version/s: SICS 4.7 SSP13 CHR2
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-14655
Customer: DXC
[SICSR-15369] Abend when Claim References exceed the maximum length  
Product Line: P&C
Component/s: Claims
Affects Version/s: SICS 4.7
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000603242

Problem:
System abend when Claim References exceed the maximum length, instead of warning/error message.

Solution:
When creating a claim reference either one by one or multiple in one go, the system must validate the length of the field. If one or more of the created claim references are above max allowable number of digits, an error message should appear.

Workaround:
Make sure entered claim references are below 30 digits.

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15476] Event Group’s UNL amounts are not updated when user changes the Event IBNR amounts  
Product Line: P&C
Component/s: Claim Headline Loss
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
When user manually changes the amount for Event IBNR or Event IBNR Reinstatement, the corresponding UNL Estimate amounts are not updated to reflect the change

Solution:
The UNL Estimate amounts should be updated to reflect the Actual + Event IBNR amount.

Workaround:
Change the UNL Estimate amount

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15586] The system does not work when manual booking on Claim Worksheet on OCC with Cedent marked with Separate Balance  
Product Line: P&C
Component/s: Claim Worksheet
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2 SICS 4.7 SSP16 SIR4
Customer: DXC

Problem:
The system does not split balance correctly when manual booking on Claim Worksheet on OCC with Cedent marked with Separate Balance

Solution:
When a Cedent is marked with Separate Balance on the OCC, and when the user on a Claim Worksheet, selects the option Link OCC Base Company, and the selected Base Company is marked with the new flag Separate Balance, make sure that all details on the worksheet get this as Original Base Company (this is already correct now) AND that the Balance(s) on this worksheet also get this partner as Base Company.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15775] Accuracy validation template IDs for claim worksheet are triggered when running accuracy for technical WS  
Product Line: P&C
Component/s: Claim Worksheet
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
When running Accuracy validation on a Technical Worksheet, the system checks Accuracy validation template IDs for Claim Worksheet as well - instead of only Technical Accuracy template IDs

Solution:
Accuracy validation for Claim worksheet and Technical Worksheet are separate functions, and must be validated separately.

Workaround:
Remove all Claim Worksheet Validation template IDs

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15979] Abend when changing status of claim WS without accounting classification selected  
Product Line: P&C
Component/s: Claim Worksheet
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Abend when changing status of claim WS when having multiple ACs and none selected

Solution:
The system should give a message of missing accounting classification

Workaround:
Assign accounting classification to the booking row

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

eMessaging
[SICSR-15614] Post placement validation 292 Test Signed Share(Placing)  
Product Line: P&C
Component/s: eMessaging
Affects Version/s: SICS 4.8.4
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000603760

Problem:
We would like to report two Post placement message issues - for the rule 292 Test Signed Share(Placing).

  • TECSNT02 message a6751421-f340-4f19-9dbe-8c2e41d34e83 processed against Section 2. Apply Share to Child Section is ticked (true), however, the
    eMessaging info is not updated on the child section. I think that if the Apply to child section flag is on, the section level details, including eMessaging info,
    should be recorded on the child section. Test case in the tab "Update child section" in the attached excel.
  • TECSNT02 message 91E9CFC1-40DE-498D-A9EA-EDF85C52316A processed against Main section where the eMessaging info (concretely Message
    Signed Line & Message Order Percent) is already populated. According to Rule description for rule 292, "..If a message has already set a signed share in
    SICS no validation takes place.This is detected by checking Message signed share and Message order percentages in eMessaging info. If either of these is not zero, another message has already set the signed share and no further validation will take place".
    This makes user think that in case of discrepancy, if the eMessaging Info details do not match the message, no error is triggered. However, error triggered IS, which I think is cool and would like to keep it - just need to change the Rule Description. Test case in the tab "Rule description vs execution" in the attached excel.

Solution:

When Apply Share to Child Section is set on the Insured Period eMessaging Information then applying the eMessaging share (rule or swap-to) should create / update the eMessaging values on a child section from a Placing message as per a Tech Account.

TestSignedSharePlacing rule long description should reflect that it performs SICS share validation or if already set, eMessaging info share validation.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15799] Premium Adjustment Validation  
Product Line: P&C
Component/s: eMessaging
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich

Problem:
PremiumAdjustmentValidationRule Premium Rate validation does not apply the SICS rate factor in order to compare the percentage in the message with the value in SICS.

Solution:
The rate value in SICS must be adjusted for its factor (percent, permilli, permillion) in order to directly compare with the message value which is a percentage.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15813] SICS eMessaging Server - Update vulnerable dependencies  
Product Line: P&C
Component/s: eMessaging
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

NAME DESCRIPTION CWE CVSS v2.0 SEVERITY CVSS v3.0 SEVERITY DEPENDENCY
CVE-2018-1000873 Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 MEDIUM HIGH jackson-databind-2.9.6.jar
CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. CWE-611 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. CWE-918 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19360 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19361 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19362 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar

Solution:

Update vulnerable dependencies

[SICSR-15839] Previous Message - Difference between Tickbox “First Message” and “Subsequent Message”  
Product Line: P&C
Component/s: eMessaging
Affects Version/s: SICS 4.8.5 SSP4
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000604226

Problem:
Example: First Message is ticked
Subsequent Message is not ticked by default. As this message does not have a previous message, it is regarded as first message
Because this message doesn't have a previous message, we are able to change the tickbox "Subsequent Message" to ticked. This means now, that it is not a first message but a subsequent message. However, the tickbox "First Message" remains ticked.

Solution:
If Subsequent Message is checked then First Message should be automatically unchecked.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15917] Previous message mapping rule not exclude claim TA messages for not claim related  
Product Line: P&C
Component/s: eMessaging TA
Affects Version/s: SICS 4.8
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich

Problem:
Previous message mapping rule does not exclude claim signing account and restatement TA messages from the search for previous messages when the current message function is not claim related

Solution:
Previous message mapping rule should exclude claim signing account and restatement TA messages from the search for previous messages when the current message function is not claim related

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15919] Premium Instalment for Placing Validation - no value for the SICS Value  
Product Line: P&C
Component/s: eMessaging TA
Affects Version/s: SICS 4.8
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000604397

Problem:
The rule states that the 1st check should be on the total number of the instalments. In case it is not matching, an error is set and the validation stops.
Based on the testings, the validation works only if the number of instalments on PP message is higher than the number of instalments in SICS:
Instalments do not match error message is set as number of instalments on PP is 2 and in SICS 1:
Inspite of setting an error message on total number of instalments, validation is not stopped as described in the rule description and instalment amount and due dates are also being validated:

Solution:
The first test in this rule is therefore to check that the number of instalments in the placing message matches that in SICS. An error is set if there is a difference and validation stops.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15931] SenderContractReferenceValidationRule errors on Placing when no reference present yet  
Product Line: P&C
Component/s: eMessaging
Affects Version/s: SICS 4.8
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000604560

Problem:
SenderContractReferenceValidationRule errors on Placing when no reference present yet. This is OK for a TA / CM but Placing will add the missing reference and so does not need to error when absent (only when partner missing or reference is present and different).

Solution:
SenderContractReferenceValidationRule should not raise an error on missing reference in SICS when the message is a Placing.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15975] Incorrect validation of Limits on multi-ccy IP in Placing  
Product Line: P&C
Component/s: eMessaging
Affects Version/s: SICS 4.8.5 SSP4
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich
External Issue ID: PRB000604596

Problem:
CheckContractCoverageType and CheckContractDeductibleType rules are not handling multi-ccy IP's correctly.
The IP has 4 currencies – MUR, USD, GBP & EUR. The GBP amounts on the message appear to be compared to the MUR amounts on the IP.

Solution:
The rules CheckContractCoverageType and CheckContractDeductibleType should compare the amounts in SICS as per the message currency given the currency is on the condition in SICS.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15989] Override Rule where not allowed is possible on unprocessed messages  
Product Line: P&C
Component/s: eMessaging
Affects Version/s: SICS 4.2.2
Fix Version/s: SICS 4.9.2
Customer: Swiss Re Zurich

Problem:
For an Unprocessed message the eMessagging rules tab allows all rules to be overridden even if they are flagged as not overridable

Solution:
If a rule does not allow override then override should never be allowed regardless of message status.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

Reporting
[SICSR-9286] BYRP not possible to extract as date  
Product Line: P&C
Component/s: Reporting - Accounting
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: ANV Syndicate

Problem:
BYRP not possible to extract as date

Solution:
1) The missing objects shall be added to the universe
2) The booking year period shall be in the date format (2017 month 03 into a date format saying 2017-03-01) as the customer need to show it to Lloyd's

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-10848] Missing Partners in PC Main Universe  
Product Line: P&C
Component/s: Reporting - Partners
Affects Version/s: SICS 4.7
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:
Not all BP roles on a Business are supported with dedicated objects in BO universes

Solution:
Implement support for the missing roles in the main P&C universe.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15036] Universe: Booking Half Year Local and Booking Half Year Local(Code) has wrong statement on select statement.  
Product Line: P&C
Component/s: Reporting - Accounting
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3624

Problem: Universe: Booking Half Year Local and Booking Half Year Local(Code) has wrong statement on select statement.

Solution:  Changing the object SQL of "Booking half Year local" & "Booking half Year local (code) " accordingly.

Workaround:

Root Cause:

Extent of Impact: Both oracle and SQL versions on P&C and Life

Impact on Existing Data:  Wrong data fetched in Webi report when the reported objects are used.

Recovery Method for Existing Data Affected

[SICSR-15059] “Rate Is pct or pm” shows %, even when mentioned ‘pm’ in SICS  
Product Line: P&C
Component/s: Reporting - Business
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3629

Problem:
Defined Premium Rate as 20.0000 pm and premium Type as Fixed Rate.
Created a report with Business ID, premium rate, Rate is percent or pm.
Found that 'Rate is percent or pm' shows as '%' even though its mentioned as 'pm'.

Solution:
When 'Rate is percent or pm' is mentioned as 'pm' in SICS, it must reflect the same factor in BO report too

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15517] Insurable peril table/join universe structure  
Product Line: P&C
Component/s: Reporting - Business
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2
Customer: Triglav Re

Problem:
Wrong join for insurable peril in OPC universe.

Solution:
Correct the join.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15683] BO Report issue - Total Number of Reinstatement  
Product Line: P&C
Component/s: Reporting - Business
Affects Version/s: SICS 4.8.4
Fix Version/s: SICS 4.9.2
Customer: Zep Re (PTA)
External Issue ID: ZepRe/484/29

Problem:
No of reinstatements incorrect in BO report.

Solution:
Correct incorrect join in the universe.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

Security
[SICSR-14007] view cedent’s program from assumed requires create security use case  
Product Line: P&C
Component/s: Security
Affects Version/s: SICS 4.8.4
Fix Version/s: SICS 4.9.2
Customer: Renaissance Re
External Issue ID: SICS-1460

Problem:

Cedent's Program access from assumed business is stopped even if user has read access rights for the security use case Business Administration.

Solution:
When the user from an assumed business try to open the linked Cedent's Program, the system should not stop the user with a message saying that the user does not have rights to Create.  The user is not trying to create anything.  If the security use case 'Business Administration' has access right Read, the user should be allowed to view the Cedent's Program. 

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15167] Security Use Case does not prevent from placing to multiple placements  
Product Line: P&C
Component/s: Security
Affects Version/s: SICS 4.8.6
Fix Version/s: SICS 4.9.2 SICS 4.8.6 SSP4
Customer: SOMPO JAPAN INSURANCE INC.
External Issue ID: Dezie3636

Problem: 
Having removed the Security Use Case 'Business Outward Cedent's Contract Placements: 'C' does not prevent the user from placing to multiple placements in one go.

Solution: 
The Security 'Business Outward Cedent's Contract Placements': 'Create' set to 'No' should prevent the creation of placements via Placing to Multiple Placements.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

Server
[SICSR-15016] Walkback creating Lf Light Policy via SicServer  
Product Line: P&C
Component/s: SICS Server
Affects Version/s: SICS 4.7 SSP21
Fix Version/s: SICS 4.9.2
Customer: Milli Re

Problem:
Trying to create an insurable object via SicsServer, SicsServer generates a walkback instead of an error message if the unique identifier is too long

Solution:
Add syntaxt validation for SicsInsurableObjectAbstractGeneralClass on field identifier min 0 / max column size as per e.g. SicsBusinessClass identifier

Workaround:
Insurable Object General Identifier (SICS unique identifier) has a limit of 20 characters.

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

Miscellaneous
[SICSR-9984] Log Activity seems not to always work  
Product Line: P&C
Component/s: Log Functionality
Affects Version/s: SICS 4.6 SSP16
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-10515
Customer: Ocidental Seguros
[SICSR-12080] Doubling Protection Assignment on Claims Already Assigned to US Quota Share  
Product Line: P&C
Component/s: Cede Light Claims
Affects Version/s: SICS 4.5.2 SSP23
Fix Version/s: SICS 4.9.2
Customer: Houston International Insurance Group
External Issue ID: n/a

Problem:
Doubling Protection Assignment on Claims Already Assigned to US Quota Share when running Multi Business order again with 'All Business' selected.

Solution:
When copying US Quota Share protection assignment from policy light to light claim (in Multi Business Order), the system must always check if the protection assignment is already there to avoid duplicates.
The general rule is that when running Multi Business Order any US Quota Share policy light PA is copied to existing light claim on the policy Insured Period. This must however NOT be done if the US QS PA is already there.

Workaround:
The recommended way to run the Multi Business Order is to run with 'Changed Business'.
This will include all inward policies that either are new or has been changed since the last time they were auto protected, for example if a new section has been added.
All Business' is supposed to be used after changes have been made to outward protections and recalculation for all inward policies are needed.
In this case you should use 'Changed Business'

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15347] Insured Period Log is empty for OCC type of business  
Product Line: P&C
Component/s: Log Functionality
Affects Version/s:  
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-10515
Customer: China Re
[SICSR-15406] Not able to create and run Accrual orders despite proper Security assigned  
Product Line: P&C
Component/s: Multi GAAP - Accounting
Affects Version/s: SICS 4.8.5
Fix Version/s: SICS 4.9.2
Customer: Triglav Re

Problem:
Users are not able to create and run Accrual Order even if security use case "Accounting Accrual Order" is assigned to the user

Solution:
Make sure the security use case Accounting Order Accrual enables the user to:

  • Create and update the Accrual on Inward Order
  • Create and update the Multi GAAP Accounting Order

Workaround:
Assign both use cases "Accounting Order Admin" and "Accounting Order Accrual" to the user role

Root Cause:

Extent of Impact:
Not possible to give user access to create Multi GAAP Accounting order without giving access to create all types of Accounting orders

Impact on Existing Data
None

Recovery Method for Existing Data Affected

[SICSR-15501] Usercreation by UAI - Template-user approach not working  
Product Line: P&C
Component/s: Client Infrastructure
Affects Version/s: SICS 4.7 SSP7 ALL4
Fix Version/s: SICS 4.9.2
Customer: Allianz AG
External Issue ID: SICS-1781

Problem:
ACCESS-code values are completely ignored with CREATE_USER action,

Solution:
In the UAI, action is CREATE_USER needs to copy access code, list of access code and active access code from the template user to new UAI user.

Workaround:

Root Cause:

Extent of Impact:

Impact on Existing Data

Recovery Method for Existing Data Affected

[SICSR-15788] LHR TWS’s not automatically closed by MG Retrocession Order - AC is populated  
Product Line: P&C
Component/s: Multi GAAP - Accounting
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2
**Issue Links: ** duplicates SICSR-15826
Customer: Renaissance Re
External Issue ID: SO-20
[SICSR-15807] SICS ADH Server - Update vulnerable dependencies  
Product Line: P&C
Component/s: Automated Document Handling
Affects Version/s:  
Fix Version/s: SICS 4.9.2
Customer: DXC

Problem:

NAME DESCRIPTION CWE CVSS v2.0 SEVERITY CVSS v3.0 SEVERITY DEPENDENCY
CVE-2018-1000873 Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 MEDIUM HIGH jackson-databind-2.9.6.jar
CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. CWE-611 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. CWE-918 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19360 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19361 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19362 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar

Solution:

Update vulnerable dependencies

[SICSR-15826] Multi GAAP Accounting Order all worksheets are failed to close automatically  
Product Line: P&C
Component/s: Multi GAAP - Accounting
Affects Version/s: SICS 4.9.1
Fix Version/s: SICS 4.9.2 SICS 4.9.1_QHR01
Issue Links: is duplicated by SICSR-15788
Customer: China Re

Problem:
When Multi GAAP Accounting Order and Multi GAAP Retrocession Order does not close worksheet on one contract due to e.g. missing Registration Complete flag or missing Accounting classification, this also prevents automatic closing of worksheets on other contracts on the same order.

Solution:
Make sure the failure to automatic close worksheet on one business, does not affect the closing of worksheets on other businesses

Workaround:
Close worksheets manually

Root Cause:
SICSR-13295

Extent of Impact:
Many worksheets left in open status

Impact on Existing Data
None
Recovery Method for Existing Data Affected
N/A

ENHANCEMENT

Life
Miscellaneous
[SE-117] Additional fields in Non Prop Business conditions - remaining from 4.7  
Product Line: Life
Component/s: Life
Fix Version/s: SICS 4.9.2

Carry Forward SICSE-7870

Aim of function

To be able to define the minimum and deposit premium as Our Share
To be able to define a basis for the Final Adjustment

System Parameters Affected

None

Existing functionality affected
Non Proportional Premium Condition

[SE-799] More decimal places required for ACI  
Product Line: Life
Component/s: Life
Fix Version/s: SICS 4.9.2

Aim of function

To be able to load cession ACIs with upto 6 decimals and view them with 6 decimal places from the cession benefit window

System Parameters Affected

New System Parameter under Accounting--> Miscellaneous

Existing functionality affected

Inward and Outward cession ACIs

[SE-1144] Improvements and Implementations required in copy functionality  
Product Line: Life
Component/s: Life
Fix Version/s: SICS 4.9.2

Aim of function

To be able copy an existing Cession or Retrocession Order from the Edit Menu or through the copy option under Find Order window to create a new Order with next Identifier in series.

System Parameters Affected

None

Existing functionality affected

All Orders available under Periodic Functions- Orders

[SE-1145] Multiple Business transfer in Periodic Functions Orders  
Product Line: Life
Component/s: Life
Fix Version/s: SICS 4.9.2

Aim of Function
To have Multiple Business transfer in Periodic Function Orders, that will support multiple add or list business options in these orders.

System Parameters affected
Accounting - No
Business - No
Other - No

Existing functionality affected
No changes in any of the existing functionality.

Changes at batch level
All the options Add Businesses, List Business and Clear List are enabled for these below orders:-
Cession Renewal
Replace Informational Renewals
Renewal For Fac Standalone Retrocession
Retrocession Processing Order

Add Businesses option is enabled and remaining both are disabled for these below orders:-
Terminate Cessions
Cancel Cessions
Retrocession Recapture for OCC

ENHANCEMENT

P&C
Accounting
[SE-484] Portfolio with variable Quota Share Percentage  
Product Line: P&C
Component/s: Accounting General
Fix Version/s: SICS 4.9.2

Aim of function

Running the Retrocession Calculation Order
System will adjust the booking details according to the Quota Share percentage entered on the Premium/Limit Conditions for the relevant Insured Periods.
E.g.
Portfolio Withdrawal IP X * QS % IP X+1 / QS % IP X= Premium Portfolio Entry IP X+1

This functionality is only possible for Prop Treaty OCC with Type of Participation = 'Quota Share' and when the Quota Share percentage is entered on the Premium/Limit Conditions

System Parameters Affected

N/A

Existing functionality affected

Running the Retrocession Calculation Order including one or more of the following calculations;

  • Premium/Loss Portfolio Entry
  • Deficit Carried Forward - Profit Commission
  • Credit/Deficit Carried Forward - Stepped-/Sliding Scale Commission
  • Original details made with an Insured Period already closed and transferred to 'Next Open Insured Period' according to 'Closed Period Handling'
[SE-487] Reserve Reopening created by REAC for Clean Cut  
Product Line: P&C
Component/s: Accounting General
Fix Version/s: SICS 4.9.2

Aim of function

New field 'Transfer to next Insured Period' on the Reserve Conditions, OCC Prop Treaty with Premium/Claim Accounting Basis = Clean Cut

Selecting this field  and running the Retrocession Calculation Order for the last Account of an Insured Period will initiate the booking (reopening) of the Premium/Loss Reserve in the next open Insured Period

E.g.
Reserve 1.000 booked in 2nd of 2, 2018, uw-year 2018 will be reopened in 1st of 2, 2019, uw-year 2019 on OCC/ORP 'as Booking' business ledger

This functionality is only possible for Prop Treaty OCC with Premium/Claim Accounting Basis = Clean Cut and when the new field 'Transfer to next Insured Period' selected on the Reserve Conditions

System Parameters Affected

N/A

Existing functionality affected

Running the Retrocession Calculation Order
- for the last Account of the Insured Period for a Prop Treaty OCC with Premium Reserve and/or Loss Reserve with Calculation Method = 'Percent of Original'

 

[SE-492] Balance As Account Splitted per Main Class Of Business  
Product Line: P&C
Component/s: Accounting General
Fix Version/s: SICS 4.9.2

Aim of function

Make it possible to split the balances created by the Retrocession Account Order per Main Class of Business

System Parameters Affected

NA

Existing functionality affected

 

Initially the balance split was only possible based on below criteria on Retrocession Account Order.

  • Split By Insured Period
  • Split By Orig. Acct Yr And Per
  • Split By Section
  • Split By Description of Account

 

[SE-565] Enhancement to book one OCC and attach multiple assumed base companies and have the business ledger be able to differentiate each base company figures  
Product Line: P&C
Component/s: Accounting General
Fix Version/s: SICS 4.9.2

Aim of function

When an Assumed Business is protected by a prop treaty/fac OCC the Reinsurer on the AB will be added as Cedent on the OCC if it is not already there.

When manual booking takes place on an OCC with multiple Cedents and the user assign an Original Base Company from the OCC on a detail, then the system will make available all Accounting Classifications valid for this Base Company according to its specific settings in the system parameters. If no Original Base Company is assigned then the valid Accounting Classifications for the Scope of Cover will be available (existing functionality).

System Parameters Affected

Dependent on new system parameter "Booking on Accounting Classification valid for Original Base Company"

Existing functionality affected

Proportional Protection Assignment

Manual booking, both on Technical and Claim Worksheet, on Prop/Non Prop Treaty/Fac OCC and new validation of Accounting Classification based on the Original Base Company assigned to the detail during the booking.

 

[SE-1015] Enhance system to do claim worksheet duplicate checking  
Product Line: P&C
Component/s: Accounting General
Fix Version/s: SICS 4.9.2

Aim of function

Enhance system to do duplicate checking of manually claim worksheet bookings

System Parameters Affected

Dependent on new system parameter Check for Existing Duplicated Claim Worksheet Balances found under Claims, Claim Accounting system parameters

Existing functionality affected

When booking manually on a claim worksheet the system will check the claim balance amount if it is equal an existing claim balance amount on the same claim

[SE-1091] System need to use business reporting unit as search criteria on Accounting Worksheet Screen  
Product Line: P&C
Component/s: Accounting General
Fix Version/s: SICS 4.9.2

Aim of function
When the Legal Reporting Unit is NOT set in the system parameter, the system need to use the reporting unit defined on the business as search criteria on Find Accounting Worksheet window

System Parameters Affected

This enhancement is designed for companies who do not use legal reporting unit option under the set up below:

System Parameter → Accounting → Miscellaneous → Legal Reporting Unit Category : <None>

Existing functionality affected

Find Accounting Worksheet

 

[SE-1093] If only allow bookings on leaf level is enabled, on OCC side, the parameter ‘Automatically booked figures on section level’ can be automatically ticked.  
Product Line: P&C
Component/s: Accounting General
Fix Version/s: SICS 4.9.2

Aim of function

When Parameter ‘Allow Booking/Use Conditions on OCC/RP Section Level’ is selected, the flag ‘Automatically booked figures on section level’ on the Business tab of a Proportional OCC is enabled.
While another parameter ‘'Do not allow create Technical Worksheet for non-leaf sections’ is selected, the system will set the ‘Automatically booked figures on section level’ ticked automatically when OCC is created. The bookings made on IAB section level will therefore be retroceded correctly to OCC Child section.

System Parameters Affected

System Parameters; Accounting, Retrocession, General page, select parameter ‘Allow Booking/Use Conditions on OCC/RP Section Level’

System Parameters; Accounting, Worksheet page, select parameter 'Do not allow create Technical Worksheet for non-leaf sections’

Existing functionality affected

Create new and Renew Prop Treaty OCC

Automatic booking on the As Original ledger on a Prop Treaty OCC

 

Business
[SE-1092] Upload placements at Add and Realize Fac OCC Protection  
Product Line: P&C
Component/s: Business
Fix Version/s: SICS 4.9.2

Aim of Function:
To speed up the placing process of a facultative outward cedent's contract, it is now possible to load the retrocessionaires from external files to SICS, also while creating Fac OCCs.  It can be initiated from the Placement List of the Add and Realize OCC Fac Protection window and loads the retrocessionaires with their share to SICS.

System Parameter Affected:
None

Existing Functionality Affected:
Create Faculative Outward Cedents’ Contract
Place outward cedent's contract to retrocessionaires 
Maintain share conditions
Handle life cycle status

Claim
[SE-242] Introduce Claim Worksheet Validation Templates for Customized Claim Worksheet Validations  
Product Line: P&C
Component/s: Claim, NP Recovery, Cede
Fix Version/s: SICS 4.9.2

Aim of function

Allow definition of claim worksheet validation templates, so that worksheet warnings can be customised for each insured period, based upon different selection criteria.

System Parameters affected

 New claim accuracy validation framework introduced - containing claim accuracy validation rules, validation templates, and validation template identification.

 

Existing functionality affected

Create Claim Worksheet

Miscellaneous
[SE-338] ADH - Compare two transformation mappings  
Product Line: P&C
Component/s: Other
Fix Version/s: SICS 4.9.2

Aim of function
Manual/visual comparison of graphical ADH mappings is cumbersome.
This enhancement will list differences between two mappings (two different mappings, or two revisions of the same mapping):

  • Output Pattern fields and groups
  • Transformation blocks and their properties
  • Connections
  • Input Pattern fields and groups
  • Output Pattern XSL (XML mappings only)
  • Mapping Detail properties
  • Automatic Corrections
    Double-clicking any difference belonging to the first 4 categories will highlight that difference in the 'source' and 'target' mapping graphical editor.
    If the target mapping is in edit mode, any change made to the target mapping will trigger a re-calculation of the differences.

System Parameters Affected
None

Existing functionality affected
ADH

[SE-575] Automatically update Revised Estimated Premium Income from actual bookings  
Product Line: P&C
Component/s: MG & Reserve Orders
Fix Version/s: SICS 4.9.2

Aim of function
New Mass Update to update Revised EPI on Assumed Businesses with actual booked premium
Revised EPI is updated with booked amounts with Entry Codes within a pre-defined Entry Code Group, given that a pre-defined estimated item in Period Estimates is set to Complete

System parameters affected
New Business/Miscellaneous system parameters:

  • Include Previously Updated Businesses - Indicates if businesses previously included in mass update will be updated again
  • Estimated Item - Estimated Item to be checked for completeness for Revised EPI to be updated
  • Entry Code Group - Entry code Group to be included in booked Premium for Mass Update

Existing functionality affected
N/A

[SE-926] Import Monthly pattern on portfolio program level via web service  
Product Line: P&C
Component/s: MG & Reserve Orders
Fix Version/s: SICS 4.9.2

Aim of function
New Web Service importDefaultPeriodEstimatesOnPortfolioProgram within SicsWsBusinessEntryPoint
Imports Yearly and Monthly/Quarterly Default Period Estimates to the specified Portfolio Program(s).

System parameters affected
N/A

Existing functionality affected
N/A

[SE-1035] PreviousMessageMappingRule Exclusion flags on IP and Historical messages  
Product Line: P&C
Component/s: Other
Fix Version/s: SICS 4.9.2

Aim of function

To Exclude Message from Previous Message Mapping Referencing.

Exclusion flags for Message or Insured Period for Previous Message Mapping Referencing.

System Parameters Affected

NA

Existing functionality affected

eMessaging

UC 1.2 Message find 7.0
UC 1.3 Message view 6.0
UC 5.1.9 Referencing Previous message 4.1
UC 6.4.1 eMessaging info on Insured Period 5.6

[SE-1060] UI for user-connection - security of jar-file  
Product Line: P&C
Component/s: Other
Fix Version/s: SICS 4.9.2

Allianz want to connect SICS to Active directory (according to chapter 12.10 from SystemAdminGuide) by a UI.

Currently there isn‘t a safe way to check by SICS-software whether the jar-file written by client is the correct one - e.g. by adding a signature etc.

They are afraid that a user could "steal" that jar-file and manipulate it, so that he could give admin-rights to himself by that adapted jar-file (like sics.userauthorizationinterface.jar).

 __ 

Allianz would like following SICS enhancement: When SICS starts, SICS will query the SYS_PARAM_VALUES table for the hash value, and if it exists, verify that the MD5-hash of the current jar-file is equal to the stored hash value

 

[SE-1224] GDPR Insurable Object Log tracking  
Product Line: P&C
Component/s: Other
Fix Version/s: SICS 4.9.2

Aim of function
Track log for insurable object for EU General Data Protection Regulation.  The system logs update of data regarding individuals/persons. 

System Parameters affected
None

Existing functionality affected
Maintain Insurable Object 
Create Insurable Object

[SE-1301] Drop 32bit JRE support as part of CVE corrections  
Product Line: P&C
Component/s: Other
Fix Version/s: SICS 4.9.2

Problem

NAME DESCRIPTION CWE CVSS v2.0 SEVERITY CVSS v3.0 SEVERITY DEPENDENCY
CVE-2018-1000632 dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. CWE-91 MEDIUM HIGH dom4j-1.6.1.jar
CVE-2018-1000873 Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. CWE-20 MEDIUM HIGH jackson-databind-2.9.6.jar
CVE-2018-14718 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14719 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14720 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. CWE-611 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-14721 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. CWE-918 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19360 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19361 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2018-19362 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. CWE-502 HIGH CRITICAL jackson-databind-2.9.6.jar
CVE-2008-6059 xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. CWE-264 MEDIUM   org.eclipse.swt.win32.win32.x86-3.107.0.jar: swt-webkit-win32-4880.dll
CVE-2009-3933 WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. CWE-399 MEDIUM   org.eclipse.swt.win32.win32.x86-3.107.0.jar: swt-webkit-win32-4880.dll
CVE-2010-1766 Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid. CWE-189 HIGH   org.eclipse.swt.win32.win32.x86-3.107.0.jar: swt-webkit-win32-4880.dll

Solution:

  • Update vulnerable dependencies
  • Drop 32-bit support