Important: Elastic Stack security update (installed with SIEM)
Type/Severity
NetEye Product Security has rated this update as having a Critical security impact.
Topic
An update for the kibana package is now available for NetEye 4.
Security Fix for NetEye 4.41
8.17.6_neteye3.74.6-1
CVSSv3.1: 9.1(Critical) – CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
For a detailed overview of the security issue(s), including the impact, CVSS score, acknowledgments, and other relevant information, please refer to the links provided in the References section below.
For those customers who cannot update, a workaround is available here.
For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section in the User Guide.
Affected Products
All NetEye 4.x versions >=4.31 with both Kibana’s Machine Learning and Reporting features enabled.
References
- https://neteye.guide/current/security-policy/bugfix-policy.html#severity-levels
- https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868
Alessandro Mizzaro
Author
