Geneos 6.x Security Updates

Overview Copied

This page contains security updates for all Geneos 6.x releases.

To learn more about the supported Geneos versions and new features in the Geneos 6.x release, see the following documents:

Geneos 6.9.x Copied

Issue Key CVE Number CVE Severity Description Affected Components Fix Version
AA-7043 CVE-2024-2398 (BDSA-2024-0743) High The Geneos base image has been updated to UBI 9.4-947.1714667021 to address the security vulnerability: CVE-2024-2398 (BDSA-2024-0743). Docker Image Geneos 6.9.0
COL-12077 CVE-2024-25710 (BDSA-2024-0363), CVE-2024-26308 (BDSA-2024-0360) Medium The Apache Commons Compress has been updated to 1.26.1 to address the following security vulnerabilities:
  • CVE-2024-25710 (BDSA-2024-0363)
  • CVE-2024-26308 (BDSA-2024-0360)
Kubernetes Geneos 6.9.0
COL-12078 CVE-2023-33202 (BDSA-2023-3254), CVE-2023-33201 (BDSA-2023-1625), BDSA-2024-2378 Medium The Bouncy Castle dependency has been updated to 1.78.1 to address the following security vulnerabilities:
  • CVE-2023-33202 (BDSA-2023-3254)
  • CVE-2023-33201 (BDSA-2023-1625)
  • BDSA-2024-2378
Netprobe Geneos 6.9.0
COL-12080, COL-12093 CVE-2023-6378 (BDSA-2023-3307), BDSA-2023-3341 Medium The Logback has been updated to 1.3.14 to address the following security vulnerabilities:
  • CVE-2023-6378 (BDSA-2023-3307)
  • BDSA-2023-3341
Netprobe Geneos 6.9.0
VI-9805 BDSA-2024-2378 Medium The Bouncy Castle libraries in the Active Console and Web Dashboard have been upgraded to 1.78.1 to address the security vulnerability: BDSA-2024-2378. Active Console / Gateway Setup Editor, Gateway Geneos 6.9.0

Geneos 6.8.x Copied

Issue Key CVE Number CVE Severity Description Affected Components Fix Version
COL-12047 CVE-2024-29025 (BDSA-2024-0720) High The Netty library has been upgraded to 4.1.109.FINAL to address the security vulnerability: CVE-2024-29025 (BDSA-2024-0720). Netprobe Geneos 6.8.1
COL-12061 CVE-2024-29025 (BDSA-2024-0720) High The Collection Agents and plugins packaged in Netprobe have been updated to address the security vulnerability: CVE-2024-29025 (BDSA-2024-0720). The affected components have been updated to the following versions:
  • AWS plugin - 4.2.1
  • Azure plugin - 4.1.1
  • Collection Agent - 4.0.3
  • FluentD Forward plugin - 4.0.1
  • Google Cloud Platform plugin - 4.1.1
  • GRPC plugin - 4.0.1
  • JDBC plugin - 4.2.1
  • MongoDB plugin - 4.1.1
  • OpenTelemetry plugin - 4.0.1
  • Prometheus plugin - 4.0.1
Azure Monitor, Collection Agent, Prometheus, AWS, Fluentd Forward, OpenTelemetry, Google Cloud, JDBC, MongoDB, GRPC Geneos 6.8.1
COL-12065 CVE-2023-0464 (BDSA-2023-0610), CVE-2023-0466 (BDSA-2023-0691), CVE-2023-0465 (BDSA-2023-0692), CVE-2023-2650 (BDSA-2023-1337), CVE-2023-3446 (BDSA-2023-1866), CVE-2023-3817 (BDSA-2023-1972), CVE-2023-4807 (BDSA-2023-2389) High The Geneos components have been upgraded to OpenSSL version 1.1.1w. Active Console / Gateway Setup Editor, Gateway, Netprobe, License Daemon, Fix Analyser 2 Netprobe, File Agent Geneos 6.8.1
VI-9792 BDSA-2024-1160 High The Spring Framework libraries in the Web Server have been upgraded to 5.3.34 to address the security vulnerability: BDSA-2024-1160. Web Server Geneos 6.8.1
COL-12024 CVE-2024-1597 (BDSA-2024-0368) Critical The PostgreSQL JDBC Driver (pgjdbc) that is packaged with the JDBC plugin has been updated from version 42.6.0 to 42.7.2 to address the security vulnerability: CVE-2024-1597 (BDSA-2024-0368). JDBC Geneos 6.8.0
COL-12022 CVE-2023-0286 (BDSA-2023-0226) High The Geneos components have been upgraded to OpenSSL version 1.1.t to address the security vulnerability: CVE-2023-0286 (BDSA-2023-0226). Active Console / GSE, Gateway, Netprobe, License Daemon, Fix-Analyser 2 Netprobe, File Agent Geneos 6.8.0
UTL-1277 BDSA-2023-3666 High The Nimbus JOSE+JWT library in SSO Agent has been upgraded to 9.37.3 to address the security vulnerability: BDSA-2023-3666 SSO Agent Geneos 6.8.0
VI-9757 CVE-2023-52428 (BDSA-2023-3666) Medium The Nimbus JOSE+JWT library in the Active Console and Web Server has been upgraded to 9.37.3 to address the security vulnerability: CVE-2023-52428 (BDSA-2023-3666) Active Console / GSE, Web Server Geneos 6.8.0
VI-9784 CVE-2024-22257 (BDSA-2024-0647) High The Spring Security libraries in the Web Server have been upgraded to 5.8.11 to address the security vulnerability: CVE-2024-22257 (BDSA-2024-0647). Web Server Geneos 6.8.0
VI-9785 CVE-2024-22259 (BDSA-2024-0625) High The Spring Framework libraries in the Web Server have been upgraded to 5.3.33 to address the security vulnerability: CVE-2024-22259 (BDSA-2024-0625) Web Server Geneos 6.8.0

Geneos 6.7.x Copied

Issue Key CVE Number CVE Severity Description Affected Components Fix Version
VI-9758 CVE-2023-34042 (BDSA-2023-2481) Medium The Spring Security libraries in the Web Server have been upgraded to 5.8.10 to address the security vulnerability: CVE-2023-34042 (BDSA-2023-2481). Web Server Geneos 6.7.2
VI-9760 CVE-2024-1597 (BDSA-2024-0368) Critical The PostgreSQL library in the Active Console and Web Dashboard has been upgraded to 42.7.2 to address the security vulnerability: CVE-2024-1597 (BDSA-2024-0368). Active Console, Web Server Geneos 6.7.2
VI-9761 CVE-2024-22243 (BDSA-2024-0402) High The Spring Framework libraries in the Web Server have been upgraded to 5.3.32 to address the security vulnerability: CVE-2024-22243 (BDSA-2024-0402). Web Server Geneos 6.7.2
AA-6956 CVE-2024-25062 High The libxml2 library has been updated to version 2.12.5 to address the security vulnerability: CVE-2024-25062 Gateway Geneos 6.7.1
AA-6559 CVE-2023-38545 High The libcurl version used by Netprobe, Gateway, and Web Slinger has been updated to 8.5.0. Gateway Geneos 6.7.0
AA-6841 CVE-2023-45322, BDSA-2023-2269 High The libxml2 library have been updated to version 2.12.3. Gateway Geneos 6.7.0
AZUREMON-519 CVE-2023-48795 High The base image for Azure Marketplace image has been updated from Ubuntu 18.04-LTS to Ubuntu 22.04-LTS Azure Geneos 6.7.0
COL-11350 CVE-2023-38545 High The libcurl version used by Netprobe, Gateway, and Web Slinger has been updated to 8.5.0. Gateway, Netprobe, Web Slinger Geneos 6.7.0
HAAW-457 CVE-2023-48795 High The base image for AWS Marketplace image has been updated from Ubuntu 18.04-LTS to Ubuntu 22.04-LTS. AWS Geneos 6.7.0
UTL-1267 BDSA-2019-4014 High The Apache Xerces C++ library in the Active Console, Gateway, Netprobe, and Web Server has been upgraded to 3.2.5 Active Console, Gateway Setup Editor, Gateway, Netprobe, Web Server Geneos 6.7.0

Geneos 6.6.x Copied

Issue Key CVE Number CVE Severity Description Affected Components Fix Version
AZUREMON-505 CVE-2023-4586 High The Netty library has been upgraded to 4.1.100. Azure Geneos 6.6.0
AZUREMON-510 CVE-2023-3635 High The OkHttp3 library has been upgraded to 4.12.0. Azure Geneos 6.6.0
COL-11811 BSDA-2022-2160 High The Net-SNMP library has been upgraded to 5.9.4. Netprobe Geneos 6.6.0
COL-11898 CVE-2023-4586, CVE-2023-44487 High The Netty library has been upgraded to 4.1.100.Final. Netprobe Geneos 6.6.0
HAAW-441 CVE-2023-4586 High The Netty library has been upgraded to 4.1.100. AWS Geneos 6.6.0
HAAW-443 CVE-2023-3635 High The OkHttp3 library has been upgraded to 4.12.0. AWS Geneos 6.6.0
OACM-41 CVE-2023-4586, CVE-2023-44487 High The Netty library has been upgraded to 4.1.100. Collection Agent, Fluentd Forward plugin, Opentelemetry plugin, Prometheus plugin Geneos 6.6.0
VI-9641 CVE-2023-2976 Medium The Google Guava library in the Active Console and Web Server has been upgraded to 32.0.1-JRE. Active Console, Gateway Setup Editor, Web Server Geneos 6.6.0
VI-9649 CVE-2023-33201 (BDSA-2023-1625) Medium The Bouncy Castle library in the Active Console and Web Dashboard has been upgraded to 1.75. Active Console, Gateway Setup Editor, Web Server Geneos 6.6.0
VI-9651 CVE-2023-26048 (BDSA-2023-088), CVE-2023-26049 (BDSA-2023-0888) Medium The Jetty libraries in the Web Dashboard has been upgraded to 9.4.51.v20230217. Web Server Geneos 6.6.0
VI-9658 CVE-2023-35116 (BDSA-2023-1491) Medium The Jackson Databind library in the Active Console has been upgraded to 2.15.3. Active Console, Gateway Setup Editor Geneos 6.6.0
VI-9661 CVE-2023-34035 (BDSA-2023-1821), BDSA-2023-1825 High The Spring Security library in the Web Dashboard has been upgraded to 5.8.5. Web Server Geneos 6.6.0
VI-9688 CVE-2023-44487 (BDSA-2023-2732), BDSA-2023-2721 High The Jetty libraries in the Web Dashboard have been upgraded to 9.4.53.v20231009. Web Server Geneos 6.6.0
VI-9689 CVE-2023-5072 (BDSA-2023-2760) Medium The JSON-Java library in the Active Console and Web Server has been upgraded to 20231013 Active Console, Gateway Setup Editor, Web Server Geneos 6.6.0

Geneos 6.5.x Copied

Issue Key CVE Number CVE Severity Description Affected Components Fix Version
UTL-1252 CVE-2023-1370 (BDSA-2023-0616) Medium The net.minidev.json-smart library in the SSO Agent has been upgraded to 2.4.11. SSO Agent Geneos 6.5.0

Geneos 6.4.x Copied

Issue Key CVE Number CVE Severity Description Affected Components Fix Version
COL-11695 CVE-2020-8277, CVE-2021-3672 (BDSA-2021-2387), CVE-2022-4904 (BDSA-2022-3990), CVE-2023-31124 (BDSA-2023-1270), CVE-2023-31130 (BDSA-2023-1273), CVE-2023-31147 (BDSA-2023-1276), CVE-2023-32067 (BDSA-2023-1277) High The gRPC C++ library in Gateway and Netprobe has been upgraded to 1.55.1, which was compiled using C-Ares 1.19.1. Gateway, Netprobe Geneos 6.4.0
UTL-1137 CVE-2023-31124 (BDSA-2023-1270) High The Apache Xerces C++ library in the Active Console, Gateway, Netprobe, and Web Server has been upgraded to 3.2.4. Gateway, Netprobe Geneos 6.4.0
UTL-1139 CVE-2016-3709 (BDSA-2016-1740), CVE-2019-19956 (BDSA-2019-4050), CVE-2021-3517 (BDSA-2021-1279), CVE-2021-3518 (BDSA-2021-1281), CVE-2021-3537 (BDSA-2021-1368), CVE-2021-3541 (BDSA-2021-1835), CVE-2022-23308 (BDSA-2022-0506), CVE-2022-29824 (BDSA-2022-1220), CVE-2022-40303 (BDSA-2022-2930), CVE-2022-40304 (BDSA-2022-2931), CVE-2023-29469 (BDSA-2023-0811), CVE-2023-28484 (BDSA-2023-0813), BDSA-2019-4208, BDSA-2020-0107, BDSA-2020-2277, BDSA-2021-1278 High Updated the libxml2 and libxslt libraries in Gateway to 2.11.4 and 1.1.38, respectively. Gateway Geneos 6.4.0
VI-9610 BDSA-2023-0873 High The Spring Security libraries in the Web Dashboard have been upgraded to 5.8.3. Web Server Geneos 6.4.0
VI-9611 CVE-2023-1370 High The JSON-smart library in the Active Console and Web Server has been upgraded to 2.4.10. Active Console, Gateway Setup Editor Geneos 6.4.0
VI-9620 CVE-2022-45688 High The JSON-Java library in the Active Console and Web Server has been upgraded to 20230227. Active Console, Gateway Setup Editor Geneos 6.4.0

Geneos 6.3.x Copied

Issue Key CVE Number CVE Severity Description Affected Components Fix Version
AA-6695 CVE-2022-1941, CVE-2022-3171 High The Protocol Buffers library has been updated to 3.21.6. Gateway Geneos 6.3.0
COL-11453 CVE-2022-3510 (BDSA-2022-3221), CVE-2022-3509 (BDSA-2022-3787), CVE-2022-3171 (BDSA-2022-2886) Medium The Protocol Buffers library in Netprobe has been upgraded to 3.21.7. Netprobe Geneos 6.3.0
VI-9557 CVE-2022-1471, CVE-2022-41854 Medium The SnakeYAML library in the Active Console and Gateway Setup Editor has been upgraded to 2.0. Active Console, Gateway Setup Editor Geneos 6.3.0
VI-9578 Web Server Medium The Apache Commons FileUpload library in the Web Dashboard has been upgraded to 1.5. Web Server Geneos 6.3.0

Geneos 6.2.x Copied

Issue Key CVE Number CVE Severity Description Affected Components Fix Version
AZUREMON-357 BDSA-2021-0311, CVE-2022-24823, CVE-2021-43797 Medium The Azure-core library has been updated to 1.35.0 to update the Netty project transitive dependency to version 4.1.79-FINAL. Azure Geneos 6.2.0
AZUREMON-476 BDSA-2022-2582, BDSA-2022-2580 Medium The Azure-core library has been updated to 1.35.0 to update the Woodstox-core project transitive dependency to version 6.4.0. Azure Geneos 6.2.0
COL-11574 CVE-2022-41915 (BDSA-2022-3560), CVE-2022-41881 (BDSA-2022-3559) High The Netty libraries in Netprobe have been upgraded to 4.1.86-Final. Netprobe Geneos 6.2.0

Geneos 6.1.x Copied

Issue Key CVE Number CVE Severity Description Affected Components Fix Version
AA-6556 CVE-2021-22570 High Updated Protocol Buffers version to 3.19.4. Gateway, Netprobe Geneos 6.1.0
AA-6557 CVE-2021-3672, CVE-2020-8277 Medium, High Updated CAres version to 1.17.2. Gateway, Netprobe Geneos 6.1.0
COL-11452 CVE-2022-42004, CVE-2022-42003 High The Jackson databind library in the Netprobe package has been upgraded to 2.13.4.2. Netprobe Geneos 6.1.0
UTL-1225 CVE-2022-1672, CVE-2022-1259 High Updated Undertow Core version to 2.2.20. SSO Agent Geneos 6.1.0
VI-9497, VI-9498, VI-9499 CVE-2017-3272, CVE-2017-3241, CVE-2012-1531 Medium The Java version packaged with Active Console for Windows , Linux, and macOS is now updated to OpenJDK 11.x. Active Console Geneos 6.1.0
VI-9500 CVE-2017-3272, CVE-2017-3241, CVE-2012-1531 Medium The Java version packaged with Web Dashboard is now updated to OpenJDK 11.x. Web Server Geneos 6.1.0
VI-9534 CVE-2022-42004 High The Jackson Databind library in the Active Console has been upgraded to 2.13.4. Active Console Geneos 6.1.0
VI-9536 CVE-2022-38752 Medium The SnakeYAML library in the Gateway Setup Editor has been upgraded to 1.33. Active Console Geneos 6.1.0
VI-9539 CVE-2022-42003 High The Jackson Databind library in the Active Console has been upgraded to 2.13.4.2. Active Console Geneos 6.1.0
VI-9542 CVE-2022-31690, CVE-2022-31692 Critical The Spring Security libraries in the Web Dashboard have been upgraded to 5.7.5.
Upgrading Spring Security also upgrades the Spring Framework libraries to 5.3.23.
Web Server Geneos 6.1.0
VI-9558 CVE-2022-41946 Medium The PostgreSQL library in the Active Console and Web Dashboard has been upgraded to version 42.5.1. Active Console, Web Dashboard Geneos 6.1.1

Geneos 6.0.x Copied

Issue Key CVE Number CVE Severity Description Affected Components Fix Version
AZUREMON-391 BDSA-2021-4363 Medium The Google Gson library in the Azure Monitor plugin has been upgraded to 2.9.0. Azure Geneos 6.0.0
C2-348 CVE-2022-24823 (BDSA-2022-1283), BDSA-2021-0311 Medium The Netty library of the Collection Agent has been upgraded to 4.1.79-Final Collection Agent Geneos 6.0.0
VI-9514 CVE-2022-31197, CVE-2022-26520 High The PostgreSQL library in the Active Console and Web Dashboard has been upgraded to 42.4.1. Active Console, Gateway Setup Editor, Web Server Geneos 6.0.0
VI-9522 BDSA-2022-0129, BDSA-2022-0133, BDSA-2022-0134 Medium The OpenJDK library in the Active Console and Web Dashboard has been upgraded to 8u345-b01. Active Console, Gateway Setup Editor, Web Server Geneos 6.0.0
["Geneos"] ["Release Notes", "Upgrade Notes", "Security Updates"]

Was this topic helpful?