Genian NAC 5.0.55 (LTS) Release Notes (2023-07-21)
Last Updated: 2025-03-25
Security Vulnerability
Revision | Key | Components | Description | Affects Versions | CVSS Score |
---|---|---|---|---|---|
125681 | GN-28063 | WebUI | A problem where blind injection is possible in the node management search bar | | 2.2 |
125400 | GN-27107 | WebUI | Service disabled by executing a Tomcat restart command by an unauthorized administrator | 5.0.41 | 2.7 |
125328 | GN-27242 | WebUI | A vulnerability where SQL injection is possible through the user search screen in NAC 5.0 | 5.0.15 | 4.8 |
123778 | GN-26393 | WebUI | Vulnerability where information can be modified by directly entering a URL to an unauthorized page | | 3.1 |
123254 | GN-26390 | WebUI | File export permission bypass vulnerability for unauthorized administrators through the Audit Log REST API | | 3.1 |
122614 | GN-27492 | WebUI | Tomcat version upgrade (8.5.94 -> 8.5.96/9.0.81 -> 9.0.83) | | 7.5 |
121389 | GN-26315 | WebUI | Improved two-step verification to limit the number of times the verification code can be entered and the time limit | | 4.3 |
120866 | GN-27278 | WebUI | Tomcat version upgrade (8.5.94/9.0.81) | | 7.5 |
120379 | GN-26935 | WebUI | Vulnerability where an html tag output as a department name is executed in a tree | 5.0.0 | 1.2 |
120379 | GN-26865 | WebUI | XSS input vulnerability in dashboard widget settings | | 1.2 |
120379 | GN-26835 | Center | Command injection vulnerability via SQL used to update data | | 6.6 |
120379 | GN-26833 | Sensor | nmap script tampering vulnerability during sensor NMDB update | | 4.1 |
120379 | GN-26814 | Center | Code improvements for buffer overflow | | 2 |
120379 | GN-26725 | Linux Agent, macOS Agent, Windows Agent | [Agent] Added validation for events sent from the Center and sensors | | 6.3 |
120379 | GN-26696 | Sensor | Insufficient validation of incoming sensor events | | 6.3 |
120379 | GN-26694 | Center | Parameter injection vulnerability due to insufficient verification of download URLs | | 6.6 |
120379 | GN-26383 | WebUI | Vulnerability where HTML/script code can be injected | | 5.3 |
120379 | GN-26222 | WebUI | A problem where redirection can be performed by manipulating the returnURL parameter used when moving pages in the management console | | 1.9 |
New Features and Improvements
Revision | Key | Components | Description | Affects Versions |
---|---|---|---|---|
132977 | GN-29361 | Center, GeniUpdate | Fixed an issue where the latest operating information data update could fail | 6.0.16, 5.0.55 (LTS), 5.0.60, 4.0.160 |
130183 | GN-28953 | Linux Agent | Linux Agent, OSID addition task (5.0) | |
129529 | GN-28738 | | Agent Windows Server 2022 support | |
127334 | GN-28368 | macOS Agent | macOS agent supports newly released macOS 15 (codename Sequoia) | 5.0.0, 6.0.0 |
125153 | GN-27973 | Center, macOS Agent, Sensor, Windows Agent | OpenSSL 3.0.13, 1.1.1w upgrade - excessive resource usage during X.509 policy constraint checking | 4.0.0, 5.0.0, 6.0.0 |
123469 | GN-27625 | Sensor | Fixed an issue where public IP cannot be imported when changing sensor operation modes and policies | |
122691 | GN-27462 | Windows Agent | Improved to download only cosign files corresponding to the operating system (64/32 bit) when installing the file distribution V2 plug-in | 5.0.42, 4.0.155, 6.0.15, 5.0.55 (LTS), 5.0.56, 5.0.57 |
122238 | GN-27164 | VRRPD | [General-purpose OS] A problem where the redundant configuration switches to the slave state due to an interface status check failure after switching to the master state | 5.0.42 |
122215 | GN-27402 | WebUI | API improvements so that start/end times can be set when modifying MAC policies | |
122178 | GN-27390 | Center, WebUI | Improved so that data in the /disk/data/report directory is also deleted when setting the number of reports to be saved | |
121929 | GN-27241 | macOS Agent | Improved so that agents can validate server events when using macOS multi-policy servers | |
121892 | GN-27248 | Linux Agent | Linux Agent, improved so that agents can validate server events when using multiple policy servers | |
121742 | GN-26627 | WebUI | Improved so that the authentication screen is not displayed again on CWP Web after agent authentication while the CWP web page is output | |
121119 | GN-27269 | -Unknown/None- | Remove unnecessary permissions from apache/tomcat-related directories and files | |
120558 | GN-26325 | GNOS | Fixed an issue where procmond was executed repeatedly when running httpd-driven scripts | |
120405 | GN-27146 | Center | A problem where the password entered by the user remains in the central debug file when linking external authentication via extauth fails | |
120379 | GN-29354 | | A problem where verification of the latest operating information data fails with Genian Syncer | |
120379 | GN-27207 | Windows Agent | Improved so that agents can validate server events when using multiple policy servers | |
120379 | GN-27206 | Center, Sensor | Added the ability to export trusted nodeids from the center to sensors and agents | |
120379 | GN-27142 | Windows Agent | Change the integration module to support the new version of the pill | |
120379 | GN-27121 | Center, macOS Agent | macOS agent support for new OS 14.0 (Sonoma) | |
120379 | GN-27046 | WebUI | Added IP/MAC additional field items to node registration, batch node registration, and node attribute import | |
120379 | GN-27045 | WebUI | Added the ability to output additional IP and MAC fields newly added to the node management list | |
120379 | GN-27038 | WebUI | Fixed an issue where webssh could not be connected after the openssh version was upgraded | |
120379 | GN-27031 | Center, Sensor | [General-purpose OS] Local privilege escalation vulnerability in Ubuntu OverlayFS module | |
120379 | GN-27013 | WebUI | Improved so that items set to markdown can be converted | |
120379 | GN-27010 | GenianOS | GNOS OpenSSH version upgrade (8.6p1->9.3p2) | |
120379 | GN-26988 | macOS Agent | Improved functionality so that the approval window is not displayed when using the macOS file distribution plug-in V2 | |
120379 | GN-26987 | Linux Agent | Improved functionality so that the approval window is not displayed when using the Linux Agent and File Distribution Plug-in V2 | |
120379 | GN-26981 | Center, Linux Agent, macOS Agent, WebUI, Windows Agent | Improved functionality so that the approval window is not displayed when using the distribution plug-in V2 | |
120379 | GN-26879 | WebUI | IP/MAC additional field management function added | |
120379 | GN-26838 | Ubuntu(Debian) | [General-purpose OS] ICMP Timestamp support removed | |
120379 | GN-26792 | Center, Sensor | Enhanced validation of policy server incoming events | |
120379 | GN-26791 | WebUI | Expand up to 20 custom fields that can be used when registering nodes in batches (uploading csv files) | |
120379 | GN-26789 | Genian Syncer | Electronic signature verification of operating information data synchronized with Genian Syncer | |
120379 | GN-26778 | Center | Add node group conditions related to the IP/MAC additional field | |
120379 | GN-26766 | Center, macOS Agent | Development of distribution plugins based on macOS Sigstore electronic signatures | |
120379 | GN-26730 | macOS Agent | macOS agent ZTNA applies a new icon and changes the connection display | |
120379 | GN-26729 | macOS Agent | An issue where AhnLab V3 information cannot be collected when using the macOS agent antivirus information collection plug-in | |
120379 | GN-26724 | Sensor | Improved port module kernel upgrade (2.6.38->4.14.196) for Axgate 80D and 200AX models | |
120379 | GN-26644 | Windows Agent | Change the Center CA certificate installation option to default ON and change the execution cycle | |
120379 | GN-26563 | Sensor | Improved so that the sensor can manage the Alias IP band without setting Alias IP in the sensor interface | |
120379 | GN-26479 | Sensor | Improved so that the blocking node is unblocked when shutting down via the sensor reboot/poweroff command | |
120379 | GN-26462 | WebUI | Improved so that customer information is not displayed on the management UI login screen | |
120379 | GN-26381 | WebUI | Add an organization name (USER_COMPANY) column to the user management list | |
120379 | GN-26359 | Windows Agent | Added a feature to force the use of Windows's 'Wi-Fi random hardware address option' | |
120379 | GN-26329 | Windows Agent | Added a feature that allows you to forcibly disable the Windows logon screen display settings when controlling the screen saver | |
120379 | GN-26321 | WebUI | A problem where the OS type combo box on the device group screen is output as an empty value | |
120379 | GN-26192 | WebUI | SAML Service Provider Metadata Creation Function | |
120379 | GN-26186 | Center | Improved the part where the audit log type did not match due to event key mismatch | 5.0.33 |
120379 | GN-26183 | WebUI | Fixed so that the end date of use of the IP application system is not displayed by default on the same day when applying for an IP | |
120379 | GN-26171 | CWP | Improved so that the administrator's ID is not displayed in CWP announcements | |
120379 | GN-26167 | Authsync | Postgresql package upgrade to support SCRAM-SHA-256 authentication | |
120379 | GN-26123 | WebUI | Improved the part where millisecond values are output in the DateTime value of emails sent after listening to the user | |
120379 | GN-26105 | WebUI | Improved the width of the node management operation status chart | |
120379 | GN-26043 | Sensor | Improved so that authentication and encryption algorithms can be selected when the SNMP Agent is running | |
120379 | GN-26037 | WebUI | Improved so that a reason input pop-up window appears when approving/rejecting on the user application details page | |
120379 | GN-26031 | Center, Database | Adding node group conditions using system information (motherboard) collected by agents | |
120379 | GN-25993 | Center | Ability to restore previous versions of GPDB/NMDB updates | |
120379 | GN-25959 | Center | Improved to leave an audit log when automatically returning | |
120379 | GN-25940 | Linux Agent | Linux Agent, offline installation package creation tool development | |
120379 | GN-25921 | Linux Agent | Linux Agent, log cleaning function added | |
120379 | GN-25540 | GenianOS | Change the CA certificate validity period to 10 years | |
120379 | GN-23316 | Center | Simplifying upgrades by including sensors/agents in the Policy Server image | |
120379 | GN-22197 | Center | Added a function to enable OAUTH 2.0 ROPC authentication |