Geneos 7.x Security Updates

Overview

This page contains security updates for all Geneos 7.x releases.

To learn more about the supported Geneos versions and new features in the Geneos 7.x release, see the following documents:

Geneos 7.1.1

| Issue Key | CVE Number and Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- |
| AA-7229 | CVE-2024-3596 (High), CVE-2024-26462 (Medium), CVE-2024-26461 (Medium), CVE-2024-26458 (Medium), CVE-2024-2236 (Medium), CVE-2024-4741 (Low), CVE-2024-4603 (Low), CVE-2024-2511 (Low), CVE-2024-5535 (Low) | Updated Geneos and Netprobe base Docker images to 9.5-1731604394 to address the security vulnerabilities. | Docker Image | Geneos 7.1.1 |
| AZUREMON-553, C2-457, COL-12421 | CVE-2024-47535 (High) | Updated Netty to 4.1.115.Final to address the security vulnerability. | Azure Monitor, Collection Agent, Netprobe | Geneos 7.1.1 |
| COL-12380 | CVE-2024-8096 (BDSA-2024-6196) (Medium), CVE-2024-7264 (BDSA-2024-5030) (Low), CVE-2024-6874 (BDSA-2024-4662) (Low), CVE-2024-6197 (BDSA-2024-4663) (Medium) | Updated the curl version from 8.8.0 to 8.10.1 to address the security vulnerabilities. | Gateway, Netprobe | Geneos 7.1.1 |
| HAAW-481 | CVE-2024-47561 (BDSA-2024-6954) (High) | Updated the Apache Avro dependency of the AWS Kinesis client to 1.11.4 to address the security vulnerability. | AWS Plugin | Geneos 7.1.1 |
| UTL-1308 | CVE-2023-5869, CVE-2021-32027, CVE-2020-25695, CVE-2020-25694, CVE-2016-0773, CVE-2016-5423, CVE-2016-5424, CVE-2023-39417, CVE-2020-25696, CVE-2020-14350, CVE-2020-14349, CVE-2021-32029, CVE-2021-32028, CVE-2015-0243, CVE-2015-0241, CVE-2015-3165, CVE-2024-10978, CVE-2018-1115, CVE-2015-3166, CVE-2024-4317, CVE-2023-39418, CVE-2015-3167, CVE-2015-0244 | Postgres dependencies have been removed from the Gateway and Netprobe Docker images to address the security vulnerabilities. | Docker Image | Geneos 7.1.1 |
| VI-9888 | sonatype-2024-3350 (High) | The Apache Commons Collection Java library has been updated to Apache Commons Collection version 4.4 to address the security vulnerability. | Active Console | Geneos 7.1.1 |

Geneos 7.1.0

| Issue Key | CVE Number and Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- |
| AA-6974 | BDSA-2024-0444 (Medium) | The c-ares library has been updated to version 1.34.1 to address the security vulnerability. | Gateway, Netprobe, Fix-Analyser 2 Netprobe | Geneos 7.1.0 |
| AA-7170 | BDSA-2024-4704 (High), BDSA-2024-2491 (Medium) | The libxml2 library has been updated to version 2.13.4 to address the security vulnerabilities. | Gateway, Netprobe, Fix-Analyser 2 Netprobe | Geneos 7.1.0 |
| AA-7171 | CVE-2023-44487 (High), BDSA-2024-5199 (High), BDSA-2023-2427 (CVE-2023-4785) (Medium), BDSA-2023-2140 (CVE-2023-33953) (Medium) | The gRPC library has been updated to version 1.67.0 to address the security vulnerabilities. | Gateway, Netprobe, Fix-Analyser 2 Netprobe | Geneos 7.1.0 |
| COL-12288 | CVE-2024-7254 (High) | The proto-google-common-protos dependency has been updated to version 2.46.0 to remove the transitive dependency on the vulnerable protobuf-java library. | Netprobe | Geneos 7.1.0 |
| VI-9804 | CVE-2023-35116 (Medium) | The Jackson databind library in the Active Console has been upgraded to 2.18.0 to address the security vulnerability. | Active Console | Geneos 7.1.0 |
| VI-9852 | BDSA-2024-5369 (Medium), BDSA-2024-5371 (Medium) | The Spring Framework libraries in the Web Server have been upgraded to 5.3.39 to address the security vulnerabilities. | Web Server | Geneos 7.1.0 |
| VI-9881 | BDSA-2024-7228 (Medium), BDSA-2024-7229 (Medium) | The Jetty libraries in the Web Server have been upgraded to 9.4.56.v20240826 to address the security vulnerabilities. | Web Server | Geneos 7.1.0 |
| VI-9886 | BDSA-2024-7762 (High) | The Spring Security libraries in the Web Server have been upgraded to 5.8.15 to address the security vulnerability. | Web Server | Geneos 7.1.0 |

Geneos 7.0.4

| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- | --- |
| COL-12287 | CVE-2024-7254 | High | Updated the following to address CVE-2024-7254: protobuf-java library to version 3.25.5; proto-google-common-protos to version 2.45.1; collection-agent and the corresponding collection dependencies to version 4.7.0; obcerv-platform-api to version 2.7.0. | Collection Agent, Netprobe | Geneos 7.0.4 |
| HAAW-479 | BDSA-2024-6519 (CVE-2024-7254) | High | Updated the protobuf-java dependency to address: BDSA-2024-6519 (CVE-2024-7254). | AWS | Geneos 7.0.4 |
| UTL-1246 | CVE-2024-6119 | Medium | Updated the xnio module to version 3.8.16 to address the following security vulnerabilities: BDSA-2023-3831; BDSA-2022-1913 (CVE-2022-0084). | SSO Agent | Geneos 7.0.4 |
| UTL-1287 | CVE-2024-6119 | High | The undertow-core module has been updated to version 2.3.17 to address the following security vulnerabilities: BDSA-2024-5641 (CVE-2024-7885); BDSA-2024-0321; BDSA-2024-4198; BDSA-2022-4041 (CVE-2022-4492); BDSA-2024-3899; BDSA-2023-2318 (CVE-2023-3223); BDSA-2023-3683; BDSA-2024-4195; BDSA-2023-0526 (CVE-2023-1108); BDSA-2024-0322 (CVE-2024-1459); BDSA-2022-2482. | SSO Agent | Geneos 7.0.4 |
| VI-9875 | CVE-2024-47554 | High | The Commons IO library in the Web Server has been upgraded to version 2.17.0 to address the security vulnerability: CVE-2024-47554. | Web Server | Geneos 7.0.4 |

Geneos 7.0.3

| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- | --- |
| AA-7181 | CVE-2024-6119 | Medium | Updated the base images of the Gateway and Netprobe Docker containers to UBI 9.4-1227.1726694542 to address the security vulnerability: CVE-2024-6119. | Docker Image | Geneos 7.0.3 |

Geneos 7.0.2

| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- | --- |
| AA-7169 | CVE-2024-34397 | Medium | Updated the base images of the Gateway and Netprobe Docker containers to UBI 9.4-1227.1725849298 to address the security vulnerability: CVE-2024-34397. | Docker Image | Geneos 7.0.2 |
| HAAW-478 | CVE-2023-5072 | High | Updated the org.json:json dependency used by the Amazon Kinesis Client to version 20240303 to address the security vulnerability: CVE-2023-5072. | AWS | Geneos 7.0.2 |

Geneos 7.0.x

| Issue Key | CVE Number | CVE Severity | Description | Affected Components | Fix Version |
| --- | --- | --- | --- | --- | --- |
| COL-11885 | CVE-2023-40400 (BDSA 2023-2588) | High | The libpcap library has been upgraded to 1.11.0 to address the security vulnerability: CVE-2023-40400 (BDSA 2023-2588). | Netprobe | Geneos 7.0.0 |
| VI-9820 | QID 150896 | High | The Web Dashboard no longer shows Java stack traces when an exception occurs during loading. This addresses the security vulnerability: QID 150896. | Web Server | Geneos 7.0.0 |
| COL-12154 | CVE-2024-35255 | Medium | Updated the Azure identity dependency to address the security vulnerability: CVE-2024-35255. | Azure Monitor | Geneos 7.0.0 |