×
![]()
Geneos 6.x Security Updates
Overview Copied
This page contains security updates for all Geneos 6.x releases.
To learn more about the supported Geneos versions and new features in the Geneos 6.x release, see the following documents:
Geneos 6.8.x Copied
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
|---|---|---|---|---|---|
| COL-12022 | CVE-2023-0286 (BDSA-2023-0226) | High | The Geneos components have been upgraded to OpenSSL version 1.1.t to address the security vulnerability: CVE-2023-0286 (BDSA-2023-0226). | Active Console / GSE, Gateway, Netprobe, License Daemon, Fix-Analyser 2 Netprobe, File Agent | Geneos 6.8.0 |
| VI-9757 | CVE-2023-52428 (BDSA-2023-3666) | Medium | The Nimbus JOSE+JWT library in the Active Console and Web Server has been upgraded to 9.37.3 to address the security vulnerability: CVE-2023-52428 (BDSA-2023-3666) | Active Console / GSE, Web Server | Geneos 6.8.0 |
| VI-9784 | CVE-2024-22257 (BDSA-2024-0647) | High | The Spring Security libraries in the Web Server have been upgraded to 5.8.11 to address the security vulnerability: CVE-2024-22257 (BDSA-2024-0647). | Web Server | Geneos 6.8.0 |
| VI-9785 | CVE-2024-22259 (BDSA-2024-0625) | High | The Spring Framework libraries in the Web Server have been upgraded to 5.3.33 to address the security vulnerability: CVE-2024-22259 (BDSA-2024-0625) | Web Server | Geneos 6.8.0 |
Geneos 6.7.x Copied
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
|---|---|---|---|---|---|
| VI-9758 | CVE-2023-34042 (BDSA-2023-2481) | Medium | The Spring Security libraries in the Web Server have been upgraded to 5.8.10 to address the security vulnerability: CVE-2023-34042 (BDSA-2023-2481). | Web Server | Geneos 6.7.2 |
| VI-9760 | CVE-2024-1597 (BDSA-2024-0368) | Critical | The PostgreSQL library in the Active Console and Web Dashboard has been upgraded to 42.7.2 to address the security vulnerability: CVE-2024-1597 (BDSA-2024-0368). | Active Console, Web Server | Geneos 6.7.2 |
| VI-9761 | CVE-2024-22243 (BDSA-2024-0402) | High | The Spring Framework libraries in the Web Server have been upgraded to 5.3.32 to address the security vulnerability: CVE-2024-22243 (BDSA-2024-0402). | Web Server | Geneos 6.7.2 |
| AA-6956 | CVE-2024-25062 | High | The libxml2 library has been updated to version 2.12.5 to address the security vulnerability: CVE-2024-25062 | Gateway | Geneos 6.7.1 |
| AA-6559 | CVE-2023-38545 | High | The libcurl version used by Netprobe, Gateway, and Web Slinger has been updated to 8.5.0. | Gateway | Geneos 6.7.0 |
| AA-6841 | CVE-2023-45322, BDSA-2023-2269 | High | The libxml2 library have been updated to version 2.12.3. | Gateway | Geneos 6.7.0 |
| AZUREMON-519 | CVE-2023-48795 | High | The base image for Azure Marketplace image has been updated from Ubuntu 18.04-LTS to Ubuntu 22.04-LTS | Azure | Geneos 6.7.0 |
| COL-11350 | CVE-2023-38545 | High | The libcurl version used by Netprobe, Gateway, and Web Slinger has been updated to 8.5.0. | Gateway, Netprobe, Web Slinger | Geneos 6.7.0 |
| HAAW-457 | CVE-2023-48795 | High | The base image for AWS Marketplace image has been updated from Ubuntu 18.04-LTS to Ubuntu 22.04-LTS. | AWS | Geneos 6.7.0 |
| UTL-1267 | BDSA-2019-4014 | High | The Apache Xerces C++ library in the Active Console, Gateway, Netprobe, and Web Server has been upgraded to 3.2.5 | Active Console, Gateway Setup Editor, Gateway, Netprobe, Web Server | Geneos 6.7.0 |
Geneos 6.6.x Copied
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
|---|---|---|---|---|---|
| AZUREMON-505 | CVE-2023-4586 | High | The Netty library has been upgraded to 4.1.100. | Azure | Geneos 6.6.0 |
| AZUREMON-510 | CVE-2023-3635 | High | The OkHttp3 library has been upgraded to 4.12.0. | Azure | Geneos 6.6.0 |
| COL-11811 | BSDA-2022-2160 | High | The Net-SNMP library has been upgraded to 5.9.4. | Netprobe | Geneos 6.6.0 |
| COL-11898 | CVE-2023-4586, CVE-2023-44487 | High | The Netty library has been upgraded to 4.1.100.Final. | Netprobe | Geneos 6.6.0 |
| HAAW-441 | CVE-2023-4586 | High | The Netty library has been upgraded to 4.1.100. | AWS | Geneos 6.6.0 |
| HAAW-443 | CVE-2023-3635 | High | The OkHttp3 library has been upgraded to 4.12.0. | AWS | Geneos 6.6.0 |
| OACM-41 | CVE-2023-4586, CVE-2023-44487 | High | The Netty library has been upgraded to 4.1.100. | Collection Agent, Fluentd Forward plugin, Opentelemetry plugin, Prometheus plugin | Geneos 6.6.0 |
| VI-9641 | CVE-2023-2976 | Medium | The Google Guava library in the Active Console and Web Server has been upgraded to 32.0.1-JRE. | Active Console, Gateway Setup Editor, Web Server | Geneos 6.6.0 |
| VI-9649 | CVE-2023-33201 (BDSA-2023-1625) | Medium | The Bouncy Castle library in the Active Console and Web Dashboard has been upgraded to 1.75. | Active Console, Gateway Setup Editor, Web Server | Geneos 6.6.0 |
| VI-9651 | CVE-2023-26048 (BDSA-2023-088), CVE-2023-26049 (BDSA-2023-0888) | Medium | The Jetty libraries in the Web Dashboard has been upgraded to 9.4.51.v20230217. | Web Server | Geneos 6.6.0 |
| VI-9658 | CVE-2023-35116 (BDSA-2023-1491) | Medium | The Jackson Databind library in the Active Console has been upgraded to 2.15.3. | Active Console, Gateway Setup Editor | Geneos 6.6.0 |
| VI-9661 | CVE-2023-34035 (BDSA-2023-1821), BDSA-2023-1825 | High | The Spring Security library in the Web Dashboard has been upgraded to 5.8.5. | Web Server | Geneos 6.6.0 |
| VI-9688 | CVE-2023-44487 (BDSA-2023-2732), BDSA-2023-2721 | High | The Jetty libraries in the Web Dashboard have been upgraded to 9.4.53.v20231009. | Web Server | Geneos 6.6.0 |
| VI-9689 | CVE-2023-5072 (BDSA-2023-2760) | Medium | The JSON-Java library in the Active Console and Web Server has been upgraded to 20231013 | Active Console, Gateway Setup Editor, Web Server | Geneos 6.6.0 |
Geneos 6.5.x Copied
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
|---|---|---|---|---|---|
| UTL-1252 | CVE-2023-1370 (BDSA-2023-0616) | Medium | The net.minidev.json-smart library in the SSO Agent has been upgraded to 2.4.11. | SSO Agent | Geneos 6.5.0 |
Geneos 6.4.x Copied
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
|---|---|---|---|---|---|
| COL-11695 | CVE-2020-8277, CVE-2021-3672 (BDSA-2021-2387), CVE-2022-4904 (BDSA-2022-3990), CVE-2023-31124 (BDSA-2023-1270), CVE-2023-31130 (BDSA-2023-1273), CVE-2023-31147 (BDSA-2023-1276), CVE-2023-32067 (BDSA-2023-1277) | High | The gRPC C++ library in Gateway and Netprobe has been upgraded to 1.55.1, which was compiled using C-Ares 1.19.1. | Gateway, Netprobe | Geneos 6.4.0 |
| UTL-1137 | CVE-2023-31124 (BDSA-2023-1270) | High | The Apache Xerces C++ library in the Active Console, Gateway, Netprobe, and Web Server has been upgraded to 3.2.4. | Gateway, Netprobe | Geneos 6.4.0 |
| UTL-1139 | CVE-2016-3709 (BDSA-2016-1740), CVE-2019-19956 (BDSA-2019-4050), CVE-2021-3517 (BDSA-2021-1279), CVE-2021-3518 (BDSA-2021-1281), CVE-2021-3537 (BDSA-2021-1368), CVE-2021-3541 (BDSA-2021-1835), CVE-2022-23308 (BDSA-2022-0506), CVE-2022-29824 (BDSA-2022-1220), CVE-2022-40303 (BDSA-2022-2930), CVE-2022-40304 (BDSA-2022-2931), CVE-2023-29469 (BDSA-2023-0811), CVE-2023-28484 (BDSA-2023-0813), BDSA-2019-4208, BDSA-2020-0107, BDSA-2020-2277, BDSA-2021-1278 | High | Updated the libxml2 and libxslt libraries in Gateway to 2.11.4 and 1.1.38, respectively. | Gateway | Geneos 6.4.0 |
| VI-9610 | BDSA-2023-0873 | High | The Spring Security libraries in the Web Dashboard have been upgraded to 5.8.3. | Web Server | Geneos 6.4.0 |
| VI-9611 | CVE-2023-1370 | High | The JSON-smart library in the Active Console and Web Server has been upgraded to 2.4.10. | Active Console, Gateway Setup Editor | Geneos 6.4.0 |
| VI-9620 | CVE-2022-45688 | High | The JSON-Java library in the Active Console and Web Server has been upgraded to 20230227. | Active Console, Gateway Setup Editor | Geneos 6.4.0 |
Geneos 6.3.x Copied
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
|---|---|---|---|---|---|
| AA-6695 | CVE-2022-1941, CVE-2022-3171 | High | The Protocol Buffers library has been updated to 3.21.6. | Gateway | Geneos 6.3.0 |
| COL-11453 | CVE-2022-3510 (BDSA-2022-3221), CVE-2022-3509 (BDSA-2022-3787), CVE-2022-3171 (BDSA-2022-2886) | Medium | The Protocol Buffers library in Netprobe has been upgraded to 3.21.7. | Netprobe | Geneos 6.3.0 |
| VI-9557 | CVE-2022-1471, CVE-2022-41854 | Medium | The SnakeYAML library in the Active Console and Gateway Setup Editor has been upgraded to 2.0. | Active Console, Gateway Setup Editor | Geneos 6.3.0 |
| VI-9578 | Web Server | Medium | The Apache Commons FileUpload library in the Web Dashboard has been upgraded to 1.5. | Web Server | Geneos 6.3.0 |
Geneos 6.2.x Copied
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
|---|---|---|---|---|---|
| AZUREMON-357 | BDSA-2021-0311, CVE-2022-24823, CVE-2021-43797 | Medium | The Azure-core library has been updated to 1.35.0 to update the Netty project transitive dependency to version 4.1.79-FINAL. | Azure | Geneos 6.2.0 |
| AZUREMON-476 | BDSA-2022-2582, BDSA-2022-2580 | Medium | The Azure-core library has been updated to 1.35.0 to update the Woodstox-core project transitive dependency to version 6.4.0. | Azure | Geneos 6.2.0 |
| COL-11574 | CVE-2022-41915 (BDSA-2022-3560), CVE-2022-41881 (BDSA-2022-3559) | High | The Netty libraries in Netprobe have been upgraded to 4.1.86-Final. | Netprobe | Geneos 6.2.0 |
Geneos 6.1.x Copied
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
|---|---|---|---|---|---|
| AA-6556 | CVE-2021-22570 | High | Updated Protocol Buffers version to 3.19.4. | Gateway, Netprobe | Geneos 6.1.0 |
| AA-6557 | CVE-2021-3672, CVE-2020-8277 | Medium, High | Updated CAres version to 1.17.2. | Gateway, Netprobe | Geneos 6.1.0 |
| COL-11452 | CVE-2022-42004, CVE-2022-42003 | High | The Jackson databind library in the Netprobe package has been upgraded to 2.13.4.2. | Netprobe | Geneos 6.1.0 |
| UTL-1225 | CVE-2022-1672, CVE-2022-1259 | High | Updated Undertow Core version to 2.2.20. | SSO Agent | Geneos 6.1.0 |
| VI-9497, VI-9498, VI-9499 | CVE-2017-3272, CVE-2017-3241, CVE-2012-1531 | Medium | The Java version packaged with Active Console for Windows , Linux, and macOS is now updated to OpenJDK 11.x. | Active Console | Geneos 6.1.0 |
| VI-9500 | CVE-2017-3272, CVE-2017-3241, CVE-2012-1531 | Medium | The Java version packaged with Web Dashboard is now updated to OpenJDK 11.x. | Web Server | Geneos 6.1.0 |
| VI-9534 | CVE-2022-42004 | High | The Jackson Databind library in the Active Console has been upgraded to 2.13.4. | Active Console | Geneos 6.1.0 |
| VI-9536 | CVE-2022-38752 | Medium | The SnakeYAML library in the Gateway Setup Editor has been upgraded to 1.33. | Active Console | Geneos 6.1.0 |
| VI-9539 | CVE-2022-42003 | High | The Jackson Databind library in the Active Console has been upgraded to 2.13.4.2. | Active Console | Geneos 6.1.0 |
| VI-9542 | CVE-2022-31690, CVE-2022-31692 | Critical | The Spring Security libraries in the Web Dashboard have been upgraded to 5.7.5. Upgrading Spring Security also upgrades the Spring Framework libraries to 5.3.23. |
Web Server | Geneos 6.1.0 |
| VI-9558 | CVE-2022-41946 | Medium | The PostgreSQL library in the Active Console and Web Dashboard has been upgraded to version 42.5.1. | Active Console, Web Dashboard | Geneos 6.1.1 |
Geneos 6.0.x Copied
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
|---|---|---|---|---|---|
| AZUREMON-391 | BDSA-2021-4363 | Medium | The Google Gson library in the Azure Monitor plugin has been upgraded to 2.9.0. | Azure | Geneos 6.0.0 |
| C2-348 | CVE-2022-24823 (BDSA-2022-1283), BDSA-2021-0311 | Medium | The Netty library of the Collection Agent has been upgraded to 4.1.79-Final | Collection Agent | Geneos 6.0.0 |
| VI-9514 | CVE-2022-31197, CVE-2022-26520 | High | The PostgreSQL library in the Active Console and Web Dashboard has been upgraded to 42.4.1. | Active Console, Gateway Setup Editor, Web Server | Geneos 6.0.0 |
| VI-9522 | BDSA-2022-0129, BDSA-2022-0133, BDSA-2022-0134 | Medium | The OpenJDK library in the Active Console and Web Dashboard has been upgraded to 8u345-b01. | Active Console, Gateway Setup Editor, Web Server | Geneos 6.0.0 |
["Geneos"]
["Release Notes", "Upgrade Notes", "Security Updates"]