Geneos 7.x Security Updates
This page contains security updates for all Geneos 7.x releases.
To learn more about the supported Geneos versions and new features in the Geneos 7.x release, see the following documents:
Geneos 7.1.1
| Issue Key | CVE Number and Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- |
| AA-7229 | CVE-2024-3596 (High), CVE-2024-26462 (Medium), CVE-2024-26461 (Medium), CVE-2024-26458 (Medium), CVE-2024-2236 (Medium), CVE-2024-4741 (Low), CVE-2024-4603 (Low), CVE-2024-2511 (Low), CVE-2024-5535 (Low) | Updated Geneos and Netprobe base Docker images to 9.5-1731604394 to address the security vulnerabilities. | Docker Image | Geneos 7.1.1 |
| AZUREMON-553, C2-457, COL-12421 | CVE-2024-47535 (High) | Updated Netty to 4.1.115.Final to address the security vulnerability. | Azure Monitor, Collection Agent, Netprobe | Geneos 7.1.1 |
| COL-12380 | CVE-2024-8096 (BDSA-2024-6196) (Medium), CVE-2024-7264 (BDSA-2024-5030) (Low), CVE-2024-6874 (BDSA-2024-4662) (Low), CVE-2024-6197 (BDSA-2024-4663) (Medium) | Updated the curl version from 8.8.0 to 8.10.1 to address the security vulnerabilities. | Gateway, Netprobe | Geneos 7.1.1 |
| HAAW-481 | CVE-2024-47561 (BDSA-2024-6954) (High) | Updated the Apache Avro dependency of the AWS Kinesis client to 1.11.4 to address the security vulnerability. | AWS Plugin | Geneos 7.1.1 |
| UTL-1308 | CVE-2023-5869, CVE-2021-32027, CVE-2020-25695, CVE-2020-25694, CVE-2016-0773, CVE-2016-5423, CVE-2016-5424, CVE-2023-39417, CVE-2020-25696, CVE-2020-14350, CVE-2020-14349, CVE-2021-32029, CVE-2021-32028, CVE-2015-0243, CVE-2015-0241, CVE-2015-3165, CVE-2024-10978, CVE-2018-1115, CVE-2015-3166, CVE-2024-4317, CVE-2023-39418, CVE-2015-3167, CVE-2015-0244 | postgres dependencies have been removed from the Gateway and Netprobe Docker images to address the security vulnerabilities. | Docker Image | Geneos 7.1.1 |
| VI-9888 | sonatype-2024-3350 (High) | The Apache Commons Collection java library has been updated to Apache Commons Collection version 4.4 to address the security vulnerability. | Active Console | Geneos 7.1.1 |
Geneos 7.1.0
| Issue Key | CVE Number and Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- |
| AA-6974 | BDSA-2024-0444 (Medium) | The c-ares library has been updated to version 1.34.1 to address the security vulnerability. | Gateway, Netprobe, Fix-Analyser 2 Netprobe | Geneos 7.1.0 |
| AA-7170 | BDSA-2024-4704 (High), BDSA-2024-2491 (Medium) | The libxml2 has been updated to version 2.13.4 to address the security vulnerabilities. | Gateway, Netprobe, Fix-Analyser 2 Netprobe | Geneos 7.1.0 |
| AA-7171 | CVE-2023-44487 (High), BDSA-2024-5199 (High), BDSA-2023-2427 (CVE-2023-4785) (Medium), BDSA-2023-2140 (CVE-2023-33953) (Medium) | The gRPC library has been updated to version 1.67.0 to address the security vulnerabilities. | Gateway, Netprobe, Fix-Analyser 2 Netprobe | Geneos 7.1.0 |
| COL-12288 | CVE-2024-7254 (High) | The proto-google-common-protos dependency has been updated to version 2.46.0 to remove the transitive dependency to the vulnerable protobuf-java library. | Netprobe | Geneos 7.1.0 |
| VI-9804 | CVE-2023-35116 (Medium) | The Jackson databind library in the Active Console has been upgraded to 2.18.0 to address the security vulnerability. | Active Console | Geneos 7.1.0 |
| VI-9852 | BDSA-2024-5369 (Medium), BDSA-2024-5371 (Medium) | The Spring Framework libraries in the Web Server have been upgraded to 5.3.39 to address the security vulnerabilities. | Web Server | Geneos 7.1.0 |
| VI-9881 | BDSA-2024-7228 (Medium), BDSA-2024-7229 (Medium) | The Jetty libraries in the Web Server have been upgraded to 9.4.56.v20240826 to address the security vulnerabilities. | Web Server | Geneos 7.1.0 |
| VI-9886 | BDSA-2024-7762 (High) | The Spring Security libraries in the Web Server have been upgraded to 5.8.15 to address the security vulnerability. | Web Server | Geneos 7.1.0 |
Geneos 7.0.4
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- | --- |
| COL-12287 | CVE-2024-7254 | High | Updated the following to address CVE-2024-7254: protobuf-java library to version 3.25.5; proto-google-common-protos to version 2.45.1; collection-agent and the corresponding collection dependencies to version 4.7.0; obcerv-platform-api to version 2.7.0 | Collection Agent, Netprobe | Geneos 7.0.4 |
| HAAW-479 | BDSA-2024-6519 (CVE-2024-7254) | High | Updated the protobuf-java dependency to address: BDSA-2024-6519 (CVE-2024-7254). | AWS | Geneos 7.0.4 |
| UTL-1246 | CVE-2024-6119 | Medium | Updated the xnio module to version 3.8.16 to address the following security vulnerabilities: BDSA-2023-3831, BDSA-2022-1913 (CVE-2022-0084) | SSO Agent | Geneos 7.0.4 |
| UTL-1287 | CVE-2024-6119 | High | The undertow-core module has been updated to version 2.3.17 to address the following security vulnerabilities: BDSA-2024-5641 (CVE-2024-7885), BDSA-2024-0321, BDSA-2024-4198, BDSA-2022-4041 (CVE-2022-4492), BDSA-2024-3899, BDSA-2023-2318 (CVE-2023-3223), BDSA-2023-3683, BDSA-2024-4195, BDSA-2023-0526 (CVE-2023-1108), BDSA-2024-0322 (CVE-2024-1459), BDSA-2022-2482 | SSO Agent | Geneos 7.0.4 |
| VI-9875 | CVE-2024-47554 | High | The Commons IO library in the Web Server has been upgraded to version 2.17.0 to address the security vulnerability: CVE-2024-47554. | Web Server | Geneos 7.0.4 |
Geneos 7.0.3
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- | --- |
| AA-7181 | CVE-2024-6119 | Medium | Updated the base images of Gateway and Netprobe docker containers to UBI 9.4-1227.1726694542 to address the security vulnerability: CVE-2024-6119. | Docker Image | Geneos 7.0.3 |
Geneos 7.0.2
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- | --- |
| AA-7169 | CVE-2024-34397 | Medium | Updated the base images of Gateway and Netprobe docker containers to UBI 9.4-1227.1725849298 to address the security vulnerability: CVE-2024-34397. | Docker Image | Geneos 7.0.2 |
| HAAW-478 | CVE-2023-5072 | High | Updated the org.json:json dependency used by the Amazon Kinesis Client to version 20240303 to address the security vulnerability: CVE-2023-5072. | AWS | Geneos 7.0.2 |
Geneos 7.0.x
| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- | --- |
| COL-11885 | CVE-2023-40400 (BDSA 2023-2588) | High | The libpcap has been upgraded to 1.11.0 to address the security vulnerability: CVE-2023-40400 (BDSA 2023-2588). | Netprobe | Geneos 7.0.0 |
| VI-9820 | QID 150896 | High | The Web Dashboard no longer shows Java Stack Traces when an exception occurs during loading. This addresses the security vulnerability: QID 150896. | Web Server | Geneos 7.0.0 |
| COL-12154 | CVE-2024-35255 | Medium | Updated the Azure identity dependency to address the security vulnerability: CVE-2024-35255. | Azure Monitor | Geneos 7.0.0 |