We fixed two security vulnerabilities related to the web interface. They were related to the cross-site request forgery attack and the clickjacking attack. Both are used to induce users to perform actions that they do not intend to perform by hiding the NetEye web interface under some eye-catching pages or with some malicious links sent for example by email.
More information on how the vulnerabilities work can be found here:
Furthermore, we fixed a bug related to the users SSO in the ITOA module. When the users belonged to teams of different organizations, the teams were not correctly assigned.
For NetEye 4.17 we updated the following packages:
httpd-neteye-config and httpd-neteye-config-autosetup to version 1.9.1-1
icingaweb2-module-analytics and icingaweb2-module-analytics-autosetup to version 1.38.1-1
Important: GLPI security update Type/Severity NetEye Product Security has rated this update as having a high security impact. Topic An update for the GLPI packages is now available for NetEye 4. Security Fix for NetEye 4.46 10.0.23_neteye1.17.5-1 CVEs CVE-2026-22044CVSS:Reserved CVE-2026-23624CVSS:Reserved The CVEs include Read More
Fix unnecessary action retries in Tornado's Smart Monitoring component We fixed a bug affecting Tornado in NetEye 4.45 for a specific edge case in Tornado's Smart Monitoring component that was causing unnecessary system overhead and log bloat. Specifically, when Tornado Read More
Fix contract list option wrongly disabled in SLM reports We fixed a bug affecting the SLM reporting in NetEye 4.45. The issue occurred during the modification of a report, when one of the contracts in the list could not be Read More
Bug Fix We updated the version of GLPI in order to fix some relevant vulnerabilities. List of updated packages The following packages have been updated for NetEye 4.45: glpi, glpi-autosetup, glpi-configurator, glpi-neteye-config to version 10.0.22_neteye1.17.5-1.
Bug Fix in Tornado Module We solved an issue in Tornado's rule configuration where the action_name field in director actions was being cleared after saving and deploying. When users created a rule with a director action and filled in both Read More
