Genian NAC Security Advisories
Last Updated: 2024-04-01
Security Vulnerability
| Fixed Versions | Key | Components | Description | Affects Versions | CVSS Score |
|---|---|---|---|---|---|
| 5.0.62 | GN-26723 | WebUI | Fix for changes to an administrator's rights not being reflected immediately | | 3.3 |
| 5.0.61, 5.0.56, 5.0.55 (LTS) | GN-28063 | WebUI | A problem where blind injection is possible in the node management search bar | | 2.2 |
| 5.0.60, 5.0.56, 5.0.55 (LTS) | GN-27242 | WebUI | A vulnerability where SQL injection is possible through the user search screen in NAC 5.0 | 5.0.15 | 4.8 |
| 5.0.60, 5.0.56, 5.0.55 (LTS) | GN-27107 | WebUI | Service disruption caused by an unauthorized administrator executing a Tomcat restart command | 5.0.41 | 2.7 |
| 5.0.58, 5.0.56, 5.0.55 (LTS) | GN-26393 | WebUI | Vulnerability where information can be modified by directly entering the URL of an unauthorized page | | 3.1 |
| 5.0.58, 5.0.56, 5.0.55 (LTS) | GN-26390 | WebUI | File export permission bypass for unauthorized administrators through the Audit Log REST API | | 3.1 |
| 5.0.57, 5.0.56, 5.0.55 (LTS), 5.0.42 | GN-26315 | WebUI | Improved two-step verification to limit the number of verification code attempts and the time allowed | | 4.3 |
| 5.0.57, 5.0.56, 5.0.55 (LTS) | GN-27492 | WebUI | Tomcat version upgrade (8.5.94 -> 8.5.96 / 9.0.81 -> 9.0.83) | | 7.5 |
| 5.0.57, 5.0.56, 5.0.55 (LTS) | GN-27278 | WebUI | Tomcat version upgrade (8.5.94 / 9.0.81) | | 7.5 |
| 5.0.57, 5.0.56, 5.0.42 | GN-26600 | WebUI | Login no longer possible after an abnormal API call | 5.0.42, 5.0.49, 6.0.7, 4.0.156, 5.0.56 | 5.3 |
| 5.0.56, 5.0.55 (LTS), 5.0.53, 5.0.42 | GN-26814 | Center | Code improvements to fix a buffer overflow | | 2 |
| 5.0.56, 5.0.55 (LTS), 5.0.42 | GN-26865 | WebUI | XSS input vulnerability in dashboard widget settings | | 1.2 |
| 5.0.56, 5.0.55 (LTS), 5.0.42 | GN-26835 | Center | Command injection vulnerability via SQL used to update data | | 6.6 |
| 5.0.56, 5.0.55 (LTS), 5.0.42 | GN-26833 | Sensor | nmap script tampering vulnerability during sensor NMDB update | | 4.1 |
| 5.0.56, 5.0.55 (LTS), 5.0.42 | GN-26725 | Linux Agent, macOS Agent, Windows Agent | [Agent] Added validation for events sent from the Center and sensors | | 6.3 |
| 5.0.56, 5.0.55 (LTS), 5.0.42 | GN-26696 | Sensor | Insufficient validation of incoming sensor events | | 6.3 |
| 5.0.56, 5.0.55 (LTS), 5.0.42 | GN-26694 | Center | Parameter injection vulnerability due to insufficient verification of download URLs | | 6.6 |
| 5.0.56, 5.0.55 (LTS), 5.0.42 | GN-26383 | WebUI | Vulnerability where HTML/script code can be injected | | 5.3 |
| 5.0.56, 5.0.55 (LTS) | GN-26935 | WebUI | Vulnerability where an HTML tag output as a department name is rendered in the tree | 5.0.0 | 1.2 |
| 5.0.55 (LTS) | GN-26222 | WebUI | A problem where redirection can be forced by manipulating the returnURL parameter used when moving between pages in the management console | | 1.9 |
| 5.0.54, 5.0.53, 5.0.50, 5.0.42 | GN-26460 | Windows Agent | A vulnerability that allows an ordinary user to obtain PC administrator rights via the agent | 5.0.0, 6.0.0 | 4.6 |
| 5.0.54, 5.0.53, 5.0.50, 5.0.42 | GN-26392 | WebUI | Vulnerability that allows unprivileged administrators to download debug logs | | 2.9 |
| 5.0.54, 5.0.53, 5.0.50, 5.0.42 | GN-26368 | WebUI | Vulnerability where an administrator's API key is exposed to other administrators | | 5.3 |
| 5.0.54 | GN-26391 | WebUI | Vulnerability where an unauthorized administrator can view debug logs in real time | 5.0.0, 6.0.0 | 2.9 |
| 5.0.53, 5.0.50, 5.0.42 | GN-26286 | WebUI | An issue where Google OTP two-step verification can be passed by requesting a new security key | | 6.5 |
| 5.0.53, 5.0.50, 5.0.42 | GN-26205 | Database | MySQL version upgrade (5.7.40 -> 5.7.41) | | |
| 5.0.53, 5.0.50, 5.0.42 | GN-26062 | Center, macOS Agent, Sensor, Windows Agent | OpenSSL 1.1.1t upgrade - passing invalid pointers to memcmp calls can read memory contents or cause denial of service | | 7.4 |
| 5.0.53, 5.0.50 | GN-26150 | WebUI | Tomcat version upgrade (9.0.68 -> 9.0.72, 8.5.78 -> 8.5.86) | | |
| 5.0.53, 5.0.50 | GN-25869 | CWP | A problem where only the account (ID) is authenticated when CWP authentication is performed through the agent user authentication menu while the IP management message is shown first | 6.0.3, 5.0.46 | 3.4 |
| 5.0.51, 5.0.50, 5.0.42 | GN-26000 | MySQL | MySQL version upgrade (5.7.33 -> 5.7.40) | | |
| 5.0.50, 5.0.42 | GN-26051 | WebUI | 5.0 WebUI library vulnerability check | | |
| 5.0.50, 5.0.42 | GN-25982 | WebUI | CSP and HSTS headers added to WebUI response headers | | |
| 5.0.50, 5.0.42 | GN-25925 | IPMGMT, WebUI | Possible XSS in IP Application System > IP Application screen | | 5.4 |
| 5.0.50, 5.0.42 | GN-25875 | Windows Agent | A problem where the agent runs a web browser with high privileges | 4.0.0, 5.0.0, 6.0.0 | 3.3 |
| 5.0.50, 5.0.42 | GN-25847 | WebUI | Added a re-authentication step when accessing the user information modification page on the CWP screen | | 4.2 |
| 5.0.50, 5.0.42 | GN-25740 | WebUI | Issue where XSS is possible in the Audit > Logs > Log search bar | | 5.6 |
| 5.0.50 | GN-25811 | IPMGMT | A problem where you can log in with only a user ID via the front page of the IP application system | | 4.9 |
| 5.0.50 | GN-25250 | WebUI | Possible XSS when a '/' is appended after an HTML tag string | | 4.9 |
| 5.0.50 | GN-23677 | Center, Sensor | Administrator approval system to enhance security when registering sensor policy servers | | 7.9 |
| 5.0.49, 5.0.42 | GN-25753 | WebUI | Improved so that CWP does not redirect to an illegal path via the PAGEFW parameter | | 4.2 |
| 5.0.49, 5.0.42 | GN-25561 | WebUI | Blind SQL injection vulnerability in the node search bar | | 5.3 |
| 5.0.49, 5.0.42 | GN-25184 | Sensor | Modified Dnsmasq to not cache query results in order to prevent DNS cache attacks | | 3.7 |
| 5.0.49, 5.0.42 | GN-25119 | macOS Agent | Upgrade to the latest versions of macOS Agent, OpenVPN (2.5.7), and OpenSSL (1.1.1q) | | 5.3 |
| 5.0.49 | GN-25193 | WebUI | [Universal OS Ubuntu] Management Console > An issue where the 'X-Frame-Options' header on the CWP Design Template list page is set to allowall | | 6.5 |
| 5.0.48, 5.0.42 | GN-25438 | Center, Sensor | Improved the _filelist.html file to be generated differently for each center | | 3 |
| 5.0.48, 5.0.42 | GN-25306 | WebUI | A problem where allowed-method information is disclosed through an unused HTTP method | | 5.3 |
| 5.0.47, 5.0.42 | GN-25104 | Center, macOS Agent, Sensor, Windows Agent | Upgrading to the latest version of OpenSSL (OpenSSL 1.1.1q) | | 5.3 |
| 5.0.47, 5.0.42 | GN-25064 | WebUI | Web service vulnerability improved so that Apache WAS information is not exposed | 4.0.119, 5.0.16 | 2.5 |
| 5.0.47 | GN-23947 | Windows Agent | Windows Agent secure coding check results vulnerability patch | 5.0.0, 6.0.0 | |
| 5.0.46, 5.0.42 | GN-24917 | Center, macOS Agent, Sensor, Windows Agent | Upgrading to the latest version of OpenSSL (OpenSSL 1.1.1o) | | 9.8 |
| 5.0.46, 5.0.42 | GN-24908 | WebUI | Tomcat version upgrade (8.5.78) | | 8.6 |
| 5.0.46, 5.0.42 | GN-24851 | Center | Apache HTTP Server 2.4.53 upgrade | | 9.8 |
| 5.0.45, 5.0.42 | GN-24689 | WebUI | Issue where XSS is possible in Audit > Logs > Log Search | | 4.3 |
| 5.0.45, 5.0.42 | GN-24687 | WebUI | An issue where files can be accessed by relative paths on the debug log screen | | 3.83 |
| 5.0.45, 5.0.42 | GN-24651 | Center, macOS Agent, Windows Agent | Upgrading to the latest version of OpenSSL (OpenSSL 1.1.1n) | 4.0.0, 5.0.0, 6.0.0 | 7.5 |
| 5.0.45, 5.0.42 | GN-24535 | WebUI | Remove logstash | | 5.9 |
| 5.0.44, 5.0.42 | GN-24305 | GNOS | Apache 2.4.52 version upgrade as a vulnerability countermeasure | | 9.8 |
| 5.0.44, 5.0.42 | GN-24253 | WebUI | log4j vulnerability improvements | | 9.8 |
| 5.0.42 | GN-24030 | GNOS | Removing the reverse shell feature from the netcat (nc) command included with the product | | |
| 5.0.42 | GN-24014 | Center | Restrictions on SOAP/REST APIs that can be called via HTTP | | 2.5 |
| 5.0.42 | GN-23981 | macOS Agent, Windows Agent | An abnormal termination issue caused by packet manipulation of UDP events sent to the agent | | 3.4 |
| 5.0.42 | GN-23977 | macOS Agent, Windows Agent | Fixed an XSS vulnerability when the agent displays instant messages | | 6.8 |
| 5.0.42 | GN-23972 | Center, Sensor | A problem where the daemon may terminate abnormally when processing UDP event packets | 5.0.36 | 6.4 |
| 5.0.42 | GN-23970 | WebUI | Administrator login bypass vulnerability using mobile apps | | 6.1 |
| 5.0.42 | GN-23967 | WebUI | REST API command injection | | 6.7 |
| 5.0.42 | GN-23966 | WebUI | XSS vulnerability when a CWP user application is submitted as an Excel file | | 6.8 |
| 5.0.42 | GN-23965 | WebUI | Internal file download vulnerability via a relative path on the Agent Download page | 5.0.37 | 5.2 |
| 5.0.42 | GN-23794 | WebUI | A problem where the REST API can be called without a valid authentication basis | | 4.9 |
| 5.0.42 | GN-23743 | Center | Improving denial of service (DoS) vulnerabilities through APIs | | 6.4 |
| 5.0.42 | GN-23714 | Center | Strengthening authentication on agent-related APIs with weak authentication | | 4.6 |
| 5.0.42 | GN-23708 | Center | Strengthening authentication on sensor-related APIs with weak authentication | | 4.6 |
| 5.0.42 | GN-23706 | Center | Internally used SOAP API vulnerability exposed externally via RPC | | |
| 5.0.42 | GN-23705 | WebUI | (KVE-2021-1062) Enhanced name validity check for the file upload component in Conf Engine | | 6.7 |
| 5.0.42 | GN-23702 | WebUI | (KVE-2021-1062) SSTI vulnerability in CWP Design Template | | |
| 5.0.42 | GN-23701 | Windows Agent | (KVE-2021-1062) Vulnerability where relative paths can be used when generating agent files | | 6.1 |
| 5.0.42 | GN-23700 | Center | (KVE-2021-1061) A vulnerability that allows a node's password to be changed by an unauthenticated user | | 8.7 |
| 5.0.42 | GN-23699 | Center, Sensor | (KVE-2021-1061) Vulnerability where information on all nodes can be obtained without sensor information | | |
| 5.0.42 | GN-23663 | macOS Agent, Windows Agent | Agent OpenSSL 1.1.1l update | | 9.8 |
| 5.0.42 | GN-23662 | GNOS | Upgraded to OpenSSL version 1.1.1l | 4.0.146, 5.0.44, 6.0.1 | 9.8 |
| 5.0.42 | GN-23578 | WebUI | REST API vulnerability improvements | | 6.8 |
| 5.0.42 | GN-23563 | Center | Fixes to defend against command injection attacks | | 8 |
| 5.0.42 | GN-23533 | Center | Improved so that unusable plug-ins are not delivered to agents | | 7.6 |
| 5.0.42 | GN-23500 | Center | Improved SQL injection defense processing method | | 8.7 |
| 5.0.42 | GN-23499 | GNOS | Remove the vulnerable LD_LIBRARY_PATH environment variable within GNOS | | |
| 5.0.42 | GN-23488 | WebUI | [SaaS] SaaS security authentication WAS (Tomcat) vulnerability improvements | | 7.5 |
| 5.0.42 | GN-23446 | gnlogin, WebUI | Handle passwords so that specific words cannot be used | | 8.7 |
| 5.0.42 | GN-23377 | GNOS | Upgrading OpenSSH to version 8.6p1 | | |
| 5.0.42 | GN-23358 | WebUI | [CC] Web vulnerability check results security fixes | | 6.5 |
| 5.0.42 | GN-23237 | GenianOS | Apache httpd (2.4.48) / Tomcat (8.5.63) upgrade | | 7.5 |
| 5.0.42 | GN-23233 | ElasticSearch | [CC] Elasticsearch upgraded to version 5.6.16 | | 8.8 |
| 5.0.42 | GN-23055 | WebUI | Secure coding inspection result vulnerability patch - JavaScript | 5.0.42 | |
| 5.0.42 | GN-22473 | Center | Improved secure coding check results - use of insufficiently random values | | 7.5 |
| 5.0.41 | GN-22872 | -Unknown/None- | OpenSSL 1.1.1k patch | | 7.4 |
| 5.0.41 | GN-22747 | Database | GNOS MySQL 5.7 upgrade | | |
| 5.0.41 | GN-22558 | -Unknown/None- | Version upgrade to fix the Dnsmasq vulnerability | | 8.1 |
| 5.0.41 | GN-22551 | WebUI | Secure coding check result vulnerability patch - Java code | | 9.3 |
| 5.0.41 | GN-22475 | Center | Improved secure coding check results - error condition detected without action | | 1.8 |
| 5.0.41 | GN-21728 | -Unknown/None- | OpenSSL upgrade (1.0.2u -> 1.1.1j) | | 9.8 |
| 5.0.40 | GN-22461 | WebUI | Tomcat version upgrade (7.0.104 -> 7.0.107 / 8.5.55 -> 8.5.61) | | 5.9 |
| 5.0.39 | GN-21985 | WebUI | Management console vulnerability improvements (XSS attacks, error code exposure) | | 4.3 |
| 5.0.38 | GN-21396 | WebUI | Improved to restrict SQL syntax and system variables that must not be usable in the node management search bar | | 4.5 |
| 5.0.37 | GN-21879 | WebUI | Fix for authentication rights theft through CWP vulnerabilities | | 6.2 |
| 5.0.36, 5.0.35 | GN-21843 | Center | Modified to escape parameter values in SOAP APIs that were exempted from SQL injection checks | | |
| 5.0.35 | GN-21647 | Database | MySQL upgrade (5.6.47 -> 5.6.48) | | |
| 5.0.34 | GN-21766 | Center | Improved audit log when uploading from Genian Syncer to the center | | |
| 5.0.34 | GN-21513 | WebUI | Fixed an issue where the dedicated error page was not displayed when a 501 error occurred due to a web vulnerability | | 0.6 |
| 5.0.33 | GN-21641 | macOS Agent, Windows Agent | Agent upgraded to the latest version of OpenSSL (OpenSSL 1.0.2u) | | |
| 5.0.33 | GN-21640 | GenianOS | Upgrading to the latest version of OpenSSL (OpenSSL 1.0.2u) | | |
| 5.0.33 | GN-21397 | WebUI | Tomcat version upgrade (7.0.100 -> 7.0.104 / 8.5.51 -> 8.5.55) | | 7 |
| 5.0.33 | GN-21386 | GenianOS | Apache httpd 2.4.43 upgrade | | |
| 5.0.32 | GN-21181 | Database | MySQL upgrade (5.6.41 -> 5.6.47) and file permission changes | | |
| 5.0.32 | GN-21084 | WebUI | Management console vulnerability improvements | | 7.5 |
| 5.0.31 | GN-20848 | WebUI | Security vulnerability improvements - file upload extension bypass, unauthenticated web access to files in the /disk/data/custom folder, etc. | | 5.3 |
| 5.0.30 | GN-20928 | WebUI | Tomcat version upgrade (7.0.99 -> 7.0.100 / 8.0.53 -> 8.5.51) | | 4.8 |
| 5.0.30 | GN-20875 | WebUI | Fixed a GET cross-site scripting (XSS) vulnerability | | 1.6 |
| 5.0.30 | GN-20874 | GNOS | Bash vulnerability (Shellshock) patch | 4.1.3 | |
| 5.0.28 | GN-20471 | Center | Upgrading to the latest version of OpenSSL (OpenSSL 1.0.2t) | | |
| 5.0.28 | GN-20443 | macOS Agent, Windows Agent | Agent upgraded to the latest version of OpenSSL (OpenSSL 1.0.2t) | | |
| 5.0.27 | GN-18882 | WebUI | Fixed management console vulnerabilities discovered by the OWASP ZAP tool | | |
| 5.0.21 | GN-19317 | GenianOS | Version patch for the OpenSSH daemon (opensshd) vulnerability | 5.0.8, 4.0.111, 4.0.34 | |
| 5.0.19 | GN-19203 | Center, WebUI | Apache httpd 2.4.39 upgrade | | |
| 5.0.17 | GN-19044 | GenianOS | Upgrading to the latest version of OpenSSL (OpenSSL 1.0.2r) | | |
| 5.0.17 | GN-18607 | WebUI | tomcat-connectors version upgrade | | |