13. 05. 2021 Mattia Codato Bug Fixes, ITOA, NetEye

Bug Fixes for NetEye 4.17

We fixed two security vulnerabilities related to the web interface.
They were related to the cross-site request forgery attack and the clickjacking attack.
Both are used to induce users to perform actions that they do not intend to perform by hiding the NetEye web interface under some eye-catching pages or with some malicious links sent for example by email.

More information on how the vulnerabilities work can be found here:

Furthermore, we fixed a bug related to the users SSO in the ITOA module. When the users belonged to teams of different organizations, the teams were not correctly assigned.

For NetEye 4.17 we updated the following packages:

  • httpd-neteye-config and httpd-neteye-config-autosetup to version 1.9.1-1
  • icingaweb2-module-analytics and icingaweb2-module-analytics-autosetup to version 1.38.1-1
Mattia Codato

Mattia Codato

Software Developer - IT System & Service Management Solutions at Würth Phoenix

Author

Mattia Codato

Software Developer - IT System & Service Management Solutions at Würth Phoenix

Latest posts by Mattia Codato

02. 04. 2024 Downloads / Release Notes, NetEye, Unified Monitoring
NetEye 4.35 Release Notes
25. 03. 2024 Development, DevOps, NetEye
Boosting NetEye CI Speed Post-FOSDEM ’24
01. 02. 2024 Downloads / Release Notes, NetEye, Unified Monitoring
NetEye 4.34 Release Notes
11. 12. 2023 Events
WPCTF 2023: Our Journey in Organizing a Capture The Flag Event
01. 12. 2023 Downloads / Release Notes, NetEye, Unified Monitoring
NetEye 4.33 Release Notes
See All

Related Content

Tags: ,

17. 04. 2024 Bug Fixes, NetEye

NetEye 4 – Security Advisory

Synopsis Important: geomap security update Type/Severity Security Advisory: High Topic An update for the package geomap is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of High. Common Vulnerability Scoring System Read More
17. 04. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.35

Resolved an issue in the NetEye Alyvix module where the dashboard's loading state would persist indefinitely if no nodes were configured. Furthermore we fixed a bug where Monitoring Objects could not be created over the live-creation if its name contained Read More
28. 03. 2024 Bug Fixes, NetEye

NetEye 4 – Security Advisory

Important: GLPI Security Update Type/Severity Security Advisory: High Topic An update for the package glpi is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of High. Common Vulnerability Scoring System (CVSS) Read More
15. 03. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

We resolved a bug in the NetEye PDF exporting module that causes the reporting scheduler to stop working. Updated packages We updated the following packages: icingaweb2-module-pdfexport and icingaweb2-module-pdfexport-autosetup to version 0.10.2_neteye0.4.1-2.
12. 03. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

We resolved a bug in the NetEye Satellite installation and update procedures that previously resulted in an error when the Elastic Agent package was manually installed on the Satellite. Updated packages We updated the following packages: elastic-agent, elastic-agent-autosetup, elastic-agent-neteye-config, elastic-stack-configurator, elasticsearch, elasticsearch-autosetup, elasticsearch-neteye-config, elasticsearch-xpack-license, filebeat, filebeat-autosetup, filebeat-neteye-config, kibana, kibana-autosetup, kibana-neteye-config, logstash, logstash-autosetup, logstash-neteye-config, logstash-neteye-config-autosetup to version 8.11.3_neteye3.58.5-1

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive