ITRS Analytics 2.x Known Issues

The ITRS Analytics known issues page lists bugs and issues that may affect the performance of your applications and components in ITRS Analytics 2.x.

ITRS works on isolating and fixing every product issue that we are aware of. We categorize a bug or an issue as a known issue if it meets the following criteria:

The Reported version is also provided for each known issue, indicating the ITRS Analytics version where the issue was found. However, these issues may be valid across multiple versions.

This list is updated regularly, and issues that are resolved will be added to the ITRS Analytics release notes.

For detailed release notes for the latest version of ITRS Analytics, see ITRS Analytics 2.x Platform Release Notes or ITRS Analytics 2.x Apps Release Notes.

Open known issues

These are the known issues affecting the release:

| Security advisory ID | Affected component or app | Known issue description |
| --- | --- | --- |
| BDSA-2025-1254 | Alerting, API Gateway, Capacity Planner, Centralised Config, Commands, Dashboards, Entity Viewer, FIX Monitor, Ingestion, Notifications, Query Service, Signal Forecaster, Web Console | Keycloak has a reported improper authorization vulnerability due to a flaw in the organization mapper functionality. An attacker could exploit this by gaining unauthorized access or privileges through the incorrect assignment of an organization to a user based on a matching user name or email domain pattern. |
| BDSA-2025-1366 (CVE-2024-4028) | Alerting, API Gateway, Capacity Planner, Centralised Config, Commands, Dashboards, Entity Viewer, FIX Monitor, Ingestion, Notifications, Query Service, Signal Forecaster, Web Console | A reported security vulnerability has been flagged in Keycloak, where privileged attackers may use a malicious payload as the permission while creating resources and permissions through the admin console. This could result in a stored cross-site scripting (XSS) attack. |
| BDSA-2025-1967 | API Gateway, Dashboards, Entity Viewer, FIX Monitor, Notifications, Web Console | Axios has a reported server-side request forgery (SSRF) vulnerability due to how it handles absolute URLs. If a user provides a crafted value combined with a baseURL, it could redirect requests to unintended endpoints, potentially leading to credential leakage. |

Resolved known issues

This section lists the known issues that have been resolved as of the latest release.

| Security advisory ID | Affected component or app | Known issue description |
| --- | --- | --- |
| BDSA-2023-3298 | Alerting, API Gateway, Centralised Config, Capacity Planner, FIX Monitor, Forecaster, Ingestion, Notifications, Overview, Web Console | A potential security vulnerability in Apache Tomcat that allows remote attackers to append HTTP requests over valid HTTP requests (CVE-2023-46589) has been flagged by Black Duck. This can allow attackers to bypass validation, gain unauthorized access to restricted data, or perform malicious actions on behalf of another user or group. |

Note

The information contained in this document is for general information and guidance on our products, services, and other matters. It is only for information purposes and is not intended as advice which should be relied upon. We try to ensure that the content of this document is accurate and up-to-date, but this cannot be guaranteed. Changes may be made to our products, services, and other matters which are not noted or recorded herein. All liability for loss and damage arising from reliance on this document is excluded (except where death or personal injury arises from our negligence or loss or damage arises from any fraud on our part).