28. 03. 2024 Valentina Da Rold Bug Fixes, NetEye

NetEye 4 – Security Advisory

Important: GLPI Security Update

Type/Severity

Security Advisory: High

Topic

An update for the package glpi is now available for NetEye 4.

NetEye Product Security has rated this update as having a security impact of High. Common Vulnerability Scoring System (CVSS) base scores provide additional guidance about a vulnerability, and give a detailed severity rating.

Description

GLPI was affected by:

  • [High] SQL Injection in through the search engine (CVE-2024-27096)
  • [Moderate] Blind SSRF using Arbitrary Object Instantiation (CVE-2024-27098)
  • [Moderate] Stored XSS in dashboards (CVE-2024-27104)
  • [Moderate] Reflected XSS in debug mode (CVE-2024-27914)
  • [Moderate] Sensitive fields access through dropdowns (CVE-2024-27930)
  • [Moderate] Users emails enumeration (CVE-2024-27937)

Security Fixes for NetEye 4.34:

  • glpi-10.0.14_neteye1.15.0-1
  • glpi-autosetup-10.0.14_neteye1.15.0-1
  • glpi-neteye-config-10.0.14_neteye1.15.0-1
  • php-neteye-config-1.3.0-1

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the links listed below in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section in the User Guide.

Affected Products

All NetEye 4.x versions before and including 4.34.

References

Valentina Da Rold

Valentina Da Rold

Hi, I'm Valentina and I'm a Frontend Developer at Wuerth Phoenix. I started out my career applying my Cryptography skills to coding, but really quickly fell in love with the web. I have been making websites and applications since 2012 and I still can't get enough of it. Along the way I found a passion for front-end development, and I use this passion to create interfaces that solve problems. When I'm not creating beautiful solutions, I enjoy cooking or doing sport, while listening to beautiful music.

Author

Valentina Da Rold

Hi, I'm Valentina and I'm a Frontend Developer at Wuerth Phoenix. I started out my career applying my Cryptography skills to coding, but really quickly fell in love with the web. I have been making websites and applications since 2012 and I still can't get enough of it. Along the way I found a passion for front-end development, and I use this passion to create interfaces that solve problems. When I'm not creating beautiful solutions, I enjoy cooking or doing sport, while listening to beautiful music.

Latest posts by Valentina Da Rold

14. 11. 2024 Atlassian, Service Management
Take Control of Your Assets from Anywhere with Just a Wave of Your Hand!
03. 05. 2024 Development
Exploring Tailwind CSS: A Game-Changer in Frontend Development
07. 02. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.34
19. 12. 2023 Development, Events, NetEye
We spent a (Vue)day in Verona
18. 12. 2023 Bug Fixes, NetEye
Bug Fixes for NetEye 4.33
See All

Related Content

Tags:

05. 11. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.38

We’ve fixed an issue where the neteye satellite config send command would stop if no SSH connection was available or enabled for a satellite. Now, the command will skip those satellites, allowing configurations to continue for reachable ones, while manual Read More
24. 10. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.38

We fixed a bug in Icingaweb2 module Geomap that prevented users from declustering pins, even when fully zoomed in. Now, pins that are clustered together can be separated and viewed clearly by clicking the cluster icon at max zoom level, Read More
24. 10. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.38

We fixed a bug in the host and service search configuration with custom fields that generated an error if only one of the two fields was filled in. SIEM - Log Management We have resolved a bug that caused one Read More
22. 10. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.38

We resolved a bug in the Elastic Agent which was causing the Elastic Agent to temporarily losing its state (namely the state.enc file) during updates. We updated the following packages: elastic-agent, elastic-agent-autosetup, elastic-agent-neteye-config, filebeat, filebeat-autosetup, filebeat-neteye-config, logstash, logstash-neteye-config, logstash-autosetup, logstash-neteye-config-autosetup, Read More
22. 10. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.38

Assetmanagement - GLPI We fixed a bug for the GLPI single sign on, where every login through the SSO would write two line of updates for the user permissions to the user object history. SIEM - Log Management We resolved Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive