We fixed two security vulnerabilities related to the web interface. They were related to the cross-site request forgery attack and the clickjacking attack. Both are used to induce users to perform actions that they do not intend to perform by hiding the NetEye web interface under some eye-catching pages or with some malicious links sent for example by email.
More information on how the vulnerabilities work can be found here:
Furthermore, we fixed a bug related to the users SSO in the ITOA module. When the users belonged to teams of different organizations, the teams were not correctly assigned.
For NetEye 4.17 we updated the following packages:
httpd-neteye-config and httpd-neteye-config-autosetup to version 1.9.1-1
icingaweb2-module-analytics and icingaweb2-module-analytics-autosetup to version 1.38.1-1
Mattia Codato
Software Developer - IT System & Service Management Solutions at Würth IT Italy
Author
Mattia Codato
Software Developer - IT System & Service Management Solutions at Würth IT Italy
Important: Icinga 2 security update Type/Severity NetEye Product Security has rated this update as having a critical security impact. Topic An update for the icinga package is now available for NetEye 4. Security Fix for NetEye 4.48 2.15.5_neteye1.71.2-1 Summary The vulnerabilities include an Read More
Important: Elastic Stack security update Type/Severity NetEye Product Security has rated this update as having a Medium security impact. Topic An update for the Kibana package is now available for NetEye 4. Security Fix for NetEye 4.48 9.4.3_neteye3.101.2-1 CVEs CVE-2026-56148CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-56149CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-56151CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H All Read More
Fix Geo Map layers and maps deletion. We have resolved an issue in the Geo Map module that prevented users from deleting maps and layers through the web interface. List of updated packages To solve the issue mentioned above, the Read More
Important: GLPI security update Type/Severity NetEye Product Security has rated this update as having a high security impact. Topic An update for the glpi packages is now available for NetEye 4. Security Fix for NetEye 4.48 10.0.26_neteye1.19.1-1 Summary The vulnerabilities include two SQL Read More
Fix SLM Reports generation with Object Filter on service custom variables. We have resolved an issue that caused SLM Reports generation to fail when the report was based on a contract whose Object Filter contained expressions on service custom variables Read More