Genian ZTNA Security Advisories

Last Updated: 2021-12-06

Security Vulnerability

<<<<<<< .mine

"6.0.9","GN-25753","WebUI","Improved to prevent CWP from redirecting to illegal routes via the PAGEFW parameter","",4.2 "6.0.9","GN-25746","Center, Sensor","Secure coding check results and vulnerability patch","", "6.0.9","GN-25438","Center, Sensor","Improved the _filelist.html file to be generated differently for each center","",3 "6.0.8","GN-25561","WebUI","Node search bar Blind SQL Injection vulnerability","",5.3 "6.0.8","GN-25184","Sensor","Fixed so that Dnsmasq does not cache query results to prevent DNS Cache Attacks","",3.7 "6.0.8","GN-23677","Center, Sensor","Administrator approval system for enhanced security when registering sensor policy servers","",7.9 "6.0.7","GN-25387","Database, WebUI","Policy > The issue of not applying a management role to Cloud Security Group Policy","",3.5 "6.0.7","GN-25309","Center, Sensor","CSAP (SaaS) security certification review source code vulnerability measures - C/C++","",7.5 "6.0.7","GN-25250","WebUI","Possible problems with XSS when adding/after the HTML Tag string ","",4.9 "6.0.7","GN-25239","WebUI","Tomcat version upgrade (8.5.78 -> 9.0.65)","",7.5 "6.0.7","GN-25237","WebUI","CSAP (SaaS) security certification review source code vulnerability measures","",0 "6.0.7","GN-25193","WebUI","[Universal OS Ubuntu] Admin Console > CWP Design Template list page “X-Frame-Options” header is displayed as allowall","",6.5 "6.0.7","GN-25119","macOS Agent","Upgrade to the latest versions of macOS Agent, OpenVPN (2.5.7), and OpenSSL (1.1.1q)","",5.3 "6.0.6","GN-25306","WebUI","A problem where usable method information is output through an unused HTTP-method","",5.3 "6.0.6","GN-25110","Linux Agent","Upgrade to the latest versions of Linux Agent, OpenVPN (2.5.7), and OpenSSL (1.1.1q)","",5.3 "6.0.5","GN-25104","Center, macOS Agent, Sensor, Windows Agent","Upgrade to the latest version of OpenSSL (OpenSSL 1.1.1q)","",5.3 "6.0.5","GN-24782","WebUI","Library upgrades based on vulnerability checks","",9.8 "6.0.4","GN-25064","WebUI","Improved web service vulnerability so that Apache WAS information is not exposed","4.0.119, 5.0.16",2.5 "6.0.4","GN-24583","WebUI","Lib upgrade where a vulnerability was found in the Java lib used by the WebUI ","",9.8 "6.0.4","GN-23947","Windows Agent","윈도우 에이전트 Secure coding check results and vulnerability patch","5.0.0, 6.0.0", "6.0.3","GN-24917","Center, macOS Agent, Sensor, Windows Agent","Upgrade to the latest version of OpenSSL (OpenSSL 1.1.1o)","",9.8 "6.0.3","GN-24908","WebUI","Tomcat version upgrade (8.5.78)","",8.6 "6.0.3","GN-24851","Center","Apache HTTP Server 2.4.53 upgrade","",9.8 "6.0.2","GN-24689","WebUI","An issue where XSS is possible in Audit > Logs > Log Search","",4.3 "6.0.2","GN-24687","WebUI","An issue where files can be accessed from the debug log screen using a relative path","",3.83 "6.0.2","GN-24651","Center, macOS Agent, Windows Agent","Upgrade to the latest version of OpenSSL (OpenSSL 1.1.1n)","4.0.0, 5.0.0, 6.0.0",7.5 "6.0.2","GN-24535","WebUI","Remove logstash","",5.9 "6.0.17 (R), 6.0.16 (LTS)","GN-27278","WebUI","Tomcat Version Upgrade (8.5.94/9.0.81)","",7.5 "6.0.17 (R)","GN-26600","WebUI","The problem of not being able to log in after an abnormal API call","5.0.42 (LTS), 5.0.49, 6.0.7, 4.0.156, 5.0.56 (50 LTS)",5.3 "6.0.16 (LTS)","GN-27014","WebUI","The problem of being able to register a passkey using the Passkey re-registration function without permission ","",3.9 "6.0.16 (LTS)","GN-26935","WebUI","Vulnerability where the html tag output with the department name is executed in a tree","5.0.0",1.2 "6.0.16 (LTS)","GN-26835","Center","Command injection vulnerability via SQL used to update data","",6.6 "6.0.16 (LTS)","GN-26833","Sensor","nmap script tampering vulnerability during sensor NMDB update process","",4.1 "6.0.16 (LTS)","GN-26696","Sensor","Lack of verification of sensor reception events","",6.3 "6.0.16 (LTS)","GN-26694","Center","Parameter injection vulnerability due to poor download URL verification","",6.6 "6.0.16 (LTS)","GN-26383","WebUI","Vulnerability where html/script code can be injected","",5.3 "6.0.15","GN-26725","Linux Agent, macOS Agent, Windows Agent","[Agent] Added validation for events sent from centers and sensors","",6.3 "6.0.15","GN-26498","WebUI","The problem of being able to register the same Passkeys to different users using the data sent when creating Passkeys","",5.7 "6.0.15","GN-26392","WebUI","Vulnerability that allows unauthorized administrators to download debug logs","",2.9 "6.0.15","GN-26368","WebUI","Vulnerability where the administrator's API key is exposed to other administrators","",5.3 "6.0.15","GN-26222","WebUI","A problem where you can redirect by modulating the returnURL parameter used when moving pages in the management console","",1.9 "6.0.14","GN-26460","Windows Agent","Vulnerability that allows a general user to obtain PC administrator rights through an agent","5.0.0, 6.0.0",4.6 "6.0.14","GN-26391","WebUI","A vulnerability where an unauthorized administrator can view debug logs in real time","5.0.0, 6.0.0",2.9 "6.0.13","GN-26286","WebUI","The problem of being able to pass two-step verification by receiving a new security key from Google OTP two-step verification","",6.5 "6.0.12","GN-26205","Database","mysql version upgrade 5.7.40 -> 5.7.41","", "6.0.12","GN-26150","WebUI","Tomcat version upgrade (9.0.68 -> 9.0.72, 8.5.78 -> 8.5.86)","", "6.0.12","GN-26062","Center, macOS Agent, Sensor, Windows Agent","OpenSSL 1.1.1t upgrade - passing random pointers to memcmp calls may read memory contents or cause denial of service","",7.4 "6.0.12","GN-26000","MySQL","mysql version upgrade 5.7.33 -> 5.7.40","", "6.0.12","GN-25869","CWP","An issue where the IP management message is first turned on and CWP authentication is only authenticated as an account (ID) when the agent user authentication menu is on","6.0.3, 5.0.46",3.4 "6.0.11","GN-25982","WebUI","CSP and HSTS headers added to WebUI Response Header ","", "6.0.11","GN-25875","Windows Agent","An issue where the agent has high privileges when running a web browser","4.0.0, 5.0.0, 6.0.0",3.3 "6.0.11","GN-25849","WebUI","WebUI lib vulnerability item check","", "6.0.11","GN-25811","IPMGMT","The problem of being able to log in with only a user ID via frontpage in the IP application system","",4.9 "6.0.10","GN-25925","IPMGMT, WebUI","IP Application System > Possible problems with IP application screen XSS","",5.4 "6.0.10","GN-25847","WebUI","Added a re-authentication procedure when accessing the user information modification page on the CWP screen","",4.2 "6.0.10","GN-25740","WebUI","An issue where XSS is possible in the Audit > Logs > Logs search bar","",5.6 "6.0.1","GN-24305","GNOS","2.4.52 version upgrade for Apache vulnerability countermeasures","",9.8 "6.0.1","GN-24253","WebUI","log4j vulnerability improvements","",9.8 "6.0.1","GN-23714","Center","Supplementing agent-related APIs with insufficient authentication processing","",4.6 "6.0.1","GN-23461","WebUI","[SaaS] Saas security certification source code inspection results and actions","",9.1 "6.0.1","GN-23446","gnlogin, WebUI","Process passwords so that specific words cannot be used","",8.7 "6.0.0","GN-24030","GNOS","Remove the reverse shell function from the netcat (nc) command included with the product","", "6.0.0","GN-24014","Center","SOAP/REST restrictions that can be called with HTTP","",2.5 "6.0.0","GN-23981","macOS Agent, Windows Agent","An abnormal termination issue due to packet manipulation of UDP events on the agent","",3.4 "6.0.0","GN-23977","macOS Agent, Windows Agent","Fixed an XSS vulnerability that exists when the agent displays an instant message","",6.8 "6.0.0","GN-23972","Center, Sensor","A problem where the daemon may stop abnormally when processing UDP event packets","5.0.36",6.4 "6.0.0","GN-23970","WebUI","Admin login bypass vulnerability using mobile app","",6.1 "6.0.0","GN-23967","WebUI","REST API Command Injection","",6.7 "6.0.0","GN-23966","WebUI","Possible XSS attack vulnerability when applying as a CWP user when applying as an Excel file","",6.8 "6.0.0","GN-23965","WebUI","Internal file download vulnerability via relative path on agent download page","5.0.37",5.2 "6.0.0","GN-23794","WebUI","A problem that can be called even if a valid authentication root does not exist when calling the REST API","",4.9 "6.0.0","GN-23743","Center","Improving Denial of Service (DoS, Denial of Service) vulnerabilities through APIs","",6.4 "6.0.0","GN-23708","Center","Supplementing sensor-related APIs that lack authentication processing","",4.6 "6.0.0","GN-23706","Center","Vulnerabilities in the SOAP API used internally exposed to the outside through RPC","", "6.0.0","GN-23705","WebUI","(KVE-2021-1062) Enhanced name validation for file upload components in Conf Engine","",6.7 "6.0.0","GN-23702","WebUI","(KVE-2021-1062) SSTI vulnerability in CWP Design Template","", "6.0.0","GN-23701","Windows Agent","(KVE-2021-1062) Vulnerability where a relative path can be used when creating an agent file","",6.1 "6.0.0","GN-23700","Center","(KVE-2021-1061) Vulnerability where a password can be changed even if the user is not an authenticated user on the node","",8.7 "6.0.0","GN-23699","Center, Sensor","(KVE-2021-1061) Vulnerability where information on all nodes can be obtained without sensor information","", "6.0.0","GN-23663","macOS Agent, Windows Agent","Agent OpenSSL 1.1.1l update","",9.8 "6.0.0","GN-23662","GNOS","upgrade to openSSL version 1.1.1l","4.0.146, 5.0.44, 6.0.1",9.8 "6.0.0","GN-23563","Center","Fixes to defend against command injection attacks","",8 "6.0.0","GN-23533","Center","Improved so that unusable plug-ins are not delivered to agents","",7.6 "6.0.0","GN-23500","Center","Improved processing method for SQL injection defense","",8.7 "6.0.0","GN-23499","GNOS","Removal of the vulnerable LD_LIBRARY_PATH environment variable inside GNOS","", "6.0.0","GN-23488","WebUI","[SaaS] SaaS security certification WAS (Tomcat) vulnerability improvement","",7.5 "6.0.0","GN-23377","GNOS","upgrade to openssh version 8.6p1","", "6.0.0","GN-23358","WebUI","[CC] Web vulnerability check results security","",6.5 "6.0.0","GN-23237","GenianOS","Apache httpd (2.4.48) /tomcat (8.5.63) upgrade","",7.5 "6.0.0","GN-23233","ElasticSearch","[CC] Upgrading to elasticsearch 5.6.16","",8.8

||||||| .r130974

"6.0.9","GN-25753","WebUI","Improved so that CWP does not redirect to an illegal path via the PAGEFW parameter","",4.2 "6.0.9","GN-25746","Center, Sensor","Secure coding inspection results vulnerability patch","", "6.0.9","GN-25438","Center, Sensor","Improved the _filelist.html file to be generated differently for each center","",3 "6.0.8","GN-25561","WebUI","Blind SQL Injection vulnerability in node search bar","",5.3 "6.0.8","GN-25184","Sensor","Modified Dnsmasq to not cache query results in order to prevent DNS Cache Attacks","",3.7 "6.0.8","GN-23677","Center, Sensor","Administrator approval system to enhance security when registering sensor policy servers","",7.9 "6.0.7","GN-25387","Database, WebUI","Issues where management roles are not applied to Policy > Cloud Security Group Policy","",3.5 "6.0.7","GN-25309","Center, Sensor","CSAP (SaaS) security certification audit source code vulnerability measures - C/C++","",7.5 "6.0.7","GN-25250","WebUI","Possible problems with XSS when/is appended after the HTML Tag string ","",4.9 "6.0.7","GN-25239","WebUI","Tomcat version upgrade (8.5.78 -> 9.0.65)","",7.5 "6.0.7","GN-25237","WebUI","CSAP (SaaS) security certification audit source code vulnerability measures","",0 "6.0.7","GN-25193","WebUI","[Universal OS Ubuntu] Management Console > An issue where the 'X-Frame-Options' header on the CWP Design Template list page is displayed as allowall","",6.5 "6.0.7","GN-25119","macOS Agent","Upgrade to the latest versions of macOS Agent, OpenVPN (2.5.7), and OpenSSL (1.1.1q)","",5.3 "6.0.6","GN-25306","WebUI","A problem where usable method information is output through an unused HTTP-method","",5.3 "6.0.6","GN-25110","Linux Agent","Upgrading Linux Agent, OpenVPN (2.5.7), and OpenSSL (1.1.1q) to the latest versions","",5.3 "6.0.5","GN-25104","Center, macOS Agent, Sensor, Windows Agent","Upgrading to the latest version of OpenSSL (OpenSSL 1.1.1q)","",5.3 "6.0.5","GN-24782","WebUI","Library upgrades based on vulnerability checks","",9.8 "6.0.4","GN-25064","WebUI","Web service vulnerability improved so that Apache WAS information is not exposed","4.0.119, 5.0.16",2.5 "6.0.4","GN-24583","WebUI","A lib upgrade where a vulnerability was discovered in the Java lib used by WebUI ","",9.8 "6.0.4","GN-23947","Windows Agent","Windows Agent Secure coding inspection results vulnerability patch","5.0.0, 6.0.0", "6.0.3","GN-24917","Center, macOS Agent, Sensor, Windows Agent","Upgrading to the latest version of OpenSSL (OpenSSL 1.1.1o)","",9.8 "6.0.3","GN-24908","WebUI","Tomcat version upgrade (8.5.78)","",8.6 "6.0.3","GN-24851","Center","Apache HTTP Server 2.4.53 upgrade","",9.8 "6.0.28 (R-1)","GN-26452","WebUI","A vulnerability that can modify a user's immutable information","5.0.0, 6.0.0",2.2 "6.0.22","GN-26723","WebUI","Vulnerability fixes that are not immediately reflected when the administrator's rights are changed","",3.3 "6.0.21, 6.0.16","GN-28063","WebUI","A problem where blind injection is possible in the node management search bar","",2.2 "6.0.20, 6.0.16","GN-27107","WebUI","Service disabled by executing a Tomcat restart command by an unauthorized administrator","5.0.41",2.7 "6.0.2","GN-24689","WebUI","Issues where XSS is possible in Audit > Logs > Log Search","",4.3 "6.0.2","GN-24687","WebUI","An issue where files can be accessed by relative paths on the debug log screen","",3.83 "6.0.2","GN-24651","Center, macOS Agent, Windows Agent","Upgrading to the latest version of OpenSSL (OpenSSL 1.1.1n)","4.0.0, 5.0.0, 6.0.0",7.5 "6.0.2","GN-24535","WebUI","Remove logstash","",5.9 "6.0.18, 6.0.16","GN-26393","WebUI","Vulnerability where information can be modified by directly entering a URL to an unauthorised page","",3.1 "6.0.18, 6.0.16","GN-26390","WebUI","File export permission bypass vulnerability for unauthorized administrators through the Audit Log REST API","",3.1 "6.0.17, 6.0.16","GN-27492","WebUI","Tomcat version upgrade (8.5.94 -> 8.5.96/9.0.81 -> 9.0.83)","",7.5 "6.0.17, 6.0.16","GN-27278","WebUI","Tomcat version upgrade (8.5.94/9.0.81)","",7.5 "6.0.17, 6.0.16","GN-26315","WebUI","Improved two-step verification to limit the number of times the verification code can be entered and the time limit","",4.3 "6.0.17","GN-26600","WebUI","The problem of not being able to log in after an abnormal API call","5.0.42, 5.0.49, 6.0.7, 4.0.156, 5.0.56",5.3 "6.0.16","GN-27014","WebUI","A problem where Passkey can be registered using the Passkey re-registration function without permission ","",3.9 "6.0.16","GN-26935","WebUI","Vulnerability where an html tag output as a department name is executed in a tree","5.0.0",1.2 "6.0.16","GN-26835","Center","Command Injection vulnerability via SQL used to update data","",6.6 "6.0.16","GN-26833","Sensor","nmap script tampering vulnerability during sensor NMDB update","",4.1 "6.0.16","GN-26696","Sensor","Insufficient validation of incoming sensor events","",6.3 "6.0.16","GN-26694","Center","Parameter injection vulnerability due to insufficient verification of download URLs","",6.6 "6.0.16","GN-26383","WebUI","Vulnerability where html/script code can be injected","",5.3 "6.0.15","GN-26814","Center","Code improvements to Bufferoverflow","",2 "6.0.15","GN-26725","Linux Agent, macOS Agent, Windows Agent","[Agent] Added validation for events sent from the Center and sensors","",6.3 "6.0.15","GN-26392","WebUI","Vulnerability that allows unprivileged administrators to download debug logs","",2.9 "6.0.15","GN-26368","WebUI","Vulnerability where an administrator's API key is exposed to other administrators","",5.3 "6.0.15","GN-26222","WebUI","A problem where redirection can be performed by modulating the returnURL parameter used when moving pages in the management console","",1.9 "6.0.14","GN-26460","Windows Agent","A vulnerability that allows an ordinary user to obtain PC administrator rights via an agent","5.0.0, 6.0.0",4.6 "6.0.14","GN-26391","WebUI","Vulnerability where an unauthorized administrator can view debug logs in real time","5.0.0, 6.0.0",2.9 "6.0.13","GN-26286","WebUI","An issue where Google OTP 2-step verification can pass 2-step verification by receiving a new security key","",6.5 "6.0.12","GN-26205","Database","MySQL version upgrade 5.7.40 -> 5.7.41","", "6.0.12","GN-26150","WebUI","Tomcat version upgrade (9.0.68 -> 9.0.72, 8.5.78 -> 8.5.86)","", "6.0.12","GN-26062","Center, macOS Agent, Sensor, Windows Agent","OpenSSL 1.1.1t upgrade - Passing random pointers to memcmp calls can read memory contents or cause denial of service","",7.4 "6.0.12","GN-26000","MySQL","MySQL version upgrade 5.7.33 -> 5.7.40","", "6.0.12","GN-25869","CWP","A problem where only an account (ID) is authenticated when CWP is authenticated using the agent user authentication menu when the IP management message is first on","6.0.3, 5.0.46",3.4 "6.0.11","GN-25982","WebUI","CSP and HSTS headers added to WebUI Response Headers ","", "6.0.11","GN-25875","Windows Agent","A problem where agents have high privileges when running a web browser","4.0.0, 5.0.0, 6.0.0",3.3 "6.0.11","GN-25849","WebUI","WebUI lib vulnerability check","", "6.0.11","GN-25811","IPMGMT","A problem where you can log in with only a user ID via frontpage in the IP application system","",4.9 "6.0.10","GN-25925","IPMGMT, WebUI","IP Application System > IP Application Screen XSS Possible Problems","",5.4 "6.0.10","GN-25847","WebUI","Added a re-authentication procedure when accessing the user information modification page on the CWP screen","",4.2 "6.0.10","GN-25740","WebUI","Issues where XSS is possible in Audit > Logs > Log search bar","",5.6 "6.0.1","GN-24305","GNOS","2.4.52 version upgrade for Apache vulnerability measures","",9.8 "6.0.1","GN-24253","WebUI","log4j vulnerability improvements","",9.8 "6.0.1","GN-23714","Center","Complementing agent-related APIs with poor authentication","",4.6 "6.0.1","GN-23461","WebUI","[SaaS] Saas security authentication source code inspection result measures","",9.1 "6.0.1","GN-23446","gnlogin, WebUI","Handle passwords so that specific words cannot be used","",8.7 "6.0.0","GN-24030","GNOS","Removing the reverse shell feature from the netcat (nc) command included with the product","", "6.0.0","GN-24014","Center","SOAP/REST restrictions that can be called via HTTP","",2.5 "6.0.0","GN-23981","macOS Agent, Windows Agent","An abnormal termination issue due to packet manipulation of UDP events to the agent","",3.4 "6.0.0","GN-23977","macOS Agent, Windows Agent","Fixed an XSS vulnerability when the agent displayed instant messages","",6.8 "6.0.0","GN-23972","Center, Sensor","A problem where the daemon may terminate abnormally when processing UDP event packets","5.0.36",6.4 "6.0.0","GN-23970","WebUI","Administrator login bypass vulnerability using mobile apps","",6.1 "6.0.0","GN-23967","WebUI","REST API Command Injection","",6.7 "6.0.0","GN-23966","WebUI","XSS attack vulnerability when applying as an Excel file when applying as a CWP user","",6.8 "6.0.0","GN-23965","WebUI","Internal file download vulnerability via a relative path on the Agent Download page","5.0.37",5.2 "6.0.0","GN-23794","WebUI","A problem where the REST API can be called even if there is no valid authentication base when calling the REST API","",4.9 "6.0.0","GN-23743","Center","Improving Denial of Service (DoS) vulnerabilities through APIs","",6.4 "6.0.0","GN-23708","Center","Complementing sensor-related APIs with poor authentication","",4.6 "6.0.0","GN-23706","Center","Internally used SOAP API vulnerability exposed externally via RPC","", "6.0.0","GN-23705","WebUI","(KVE-2021-1062) Enhanced name validity check for the file upload component in Conf Engine","",6.7 "6.0.0","GN-23702","WebUI","(KVE-2021-1062) SSTI vulnerability in CWP Design Template","", "6.0.0","GN-23701","Windows Agent","(KVE-2021-1062) Vulnerability where relative paths can be used when generating agent files","",6.1 "6.0.0","GN-23700","Center","(KVE-2021-1061) A vulnerability that allows a node to change passwords even if you are not an authenticated user","",8.7 "6.0.0","GN-23699","Center, Sensor","(KVE-2021-1061) Vulnerability where information from all nodes can be obtained without sensor information","", "6.0.0","GN-23663","macOS Agent, Windows Agent","Agent OpenSSL 1.1.1l update","",9.8 "6.0.0","GN-23662","GNOS","Upgraded to openSSL version 1.1.1l","4.0.146, 5.0.44, 6.0.1",9.8 "6.0.0","GN-23563","Center","Fixes to defend against command injection attacks","",8 "6.0.0","GN-23533","Center","Improved so that unusable plug-ins are not delivered to agents","",7.6 "6.0.0","GN-23500","Center","Improved SQL Injection defense processing method","",8.7 "6.0.0","GN-23499","GNOS","Remove the vulnerable LD_LIBRARY_PATH environment variable within GNOS","", "6.0.0","GN-23488","WebUI","[SaaS] SaaS security authentication WAS (Tomcat) vulnerability improvements","",7.5 "6.0.0","GN-23377","GNOS","Upgrading openssh to version 8.6p1","", "6.0.0","GN-23358","WebUI","[CC] Web vulnerability check results security","",6.5 "6.0.0","GN-23237","GenianOS","Apache httpd (2.4.48)/tomcat (8.5.63) upgrade","",7.5 "6.0.0","GN-23233","ElasticSearch","[CC] Elasticsearch upgraded to version 5.6.16","",8.8

>>>>>>> .r131085