Genian ZTNA Security Advisories
===================================================================================
Last Updated: 2024-04-01
Security Vulnerability
----------------------------------
.. csv-table::
:header: "Fixed Versions", "Key", "Components", "Description", "Affects Versions", "CVSS Score"
:class: datatable
:widths: 10 10 15 50 15 10
"6.0.9","`GN-25753 <https://ims.genians.com/jira/browse/GN-25753>`_","WebUI","Improved so that CWP does not redirect to an illegal path via the PAGEFW parameter","",4.2
"6.0.9","`GN-25746 <https://ims.genians.com/jira/browse/GN-25746>`_","Center, Sensor","Secure coding inspection results vulnerability patch","",
"6.0.9","`GN-25438 <https://ims.genians.com/jira/browse/GN-25438>`_","Center, Sensor","Improved the _filelist.html file to be generated differently for each center","",3
"6.0.8","`GN-25561 <https://ims.genians.com/jira/browse/GN-25561>`_","WebUI","Blind SQL Injection vulnerability in node search bar","",5.3
"6.0.8","`GN-25184 <https://ims.genians.com/jira/browse/GN-25184>`_","Sensor","Modified Dnsmasq to not cache query results in order to prevent DNS Cache Attacks","",3.7
"6.0.8","`GN-23677 <https://ims.genians.com/jira/browse/GN-23677>`_","Center, Sensor","Administrator approval system to enhance security when registering sensor policy servers","",7.9
"6.0.7","`GN-25387 <https://ims.genians.com/jira/browse/GN-25387>`_","Database, WebUI","Issues where management roles are not applied to Policy > Cloud Security Group Policy","",3.5
"6.0.7","`GN-25309 <https://ims.genians.com/jira/browse/GN-25309>`_","Center, Sensor","CSAP (SaaS) Security Certification Audit Source Code Vulnerability Measures - C/C++","",7.5
"6.0.7","`GN-25250 <https://ims.genians.com/jira/browse/GN-25250>`_","WebUI","Possible problems with XSS when/is appended after the HTML Tag string ","",4.9
"6.0.7","`GN-25239 <https://ims.genians.com/jira/browse/GN-25239>`_","WebUI","Tomcat version upgrade (8.5.78 -> 9.0.65)","",7.5
"6.0.7","`GN-25237 <https://ims.genians.com/jira/browse/GN-25237>`_","WebUI","CSAP (SaaS) security certification audit source code vulnerability measures","",0
"6.0.7","`GN-25193 <https://ims.genians.com/jira/browse/GN-25193>`_","WebUI","[Universal OS Ubuntu] Management Console > An issue where the 'X-Frame-Options' header on the CWP Design Template list page is displayed as allowall","",6.5
"6.0.7","`GN-25119 <https://ims.genians.com/jira/browse/GN-25119>`_","macOS Agent","Upgrade to the latest versions of macOS Agent, OpenVPN (2.5.7), and OpenSSL (1.1.1q)","",5.3
"6.0.6","`GN-25306 <https://ims.genians.com/jira/browse/GN-25306>`_","WebUI","A problem where usable method information is output through an unused HTTP-method","",5.3
"6.0.6","`GN-25110 <https://ims.genians.com/jira/browse/GN-25110>`_","Linux Agent","Upgrading Linux Agent, OpenVPN (2.5.7), and OpenSSL (1.1.1q) to the latest versions","",5.3
"6.0.5","`GN-25104 <https://ims.genians.com/jira/browse/GN-25104>`_","Center, macOS Agent, Sensor, Windows Agent","Upgrading to the latest version of OpenSSL (OpenSSL 1.1.1q)","",5.3
"6.0.5","`GN-24782 <https://ims.genians.com/jira/browse/GN-24782>`_","WebUI","Library upgrades based on vulnerability checks","",9.8
"6.0.4","`GN-25064 <https://ims.genians.com/jira/browse/GN-25064>`_","WebUI","Web service vulnerability improved so that Apache WAS information is not exposed","4.0.119, 5.0.16",2.5
"6.0.4","`GN-24583 <https://ims.genians.com/jira/browse/GN-24583>`_","WebUI","A lib upgrade where a vulnerability was discovered in the Java lib used by WebUI ","",9.8
"6.0.4","`GN-23947 <https://ims.genians.com/jira/browse/GN-23947>`_","Windows Agent","윈ë„ìš° ì—ì´ì „트 Secure coding inspection results vulnerability patch","5.0.0, 6.0.0",
"6.0.32 (R-1)","`GN-26504 <https://ims.genians.com/jira/browse/GN-26504>`_","WebUI","Vulnerability where internal network information can be queried through CWP","5.0.0, 6.0.0",4.3
"6.0.3","`GN-24917 <https://ims.genians.com/jira/browse/GN-24917>`_","Center, macOS Agent, Sensor, Windows Agent","Upgrading to the latest version of OpenSSL (OpenSSL 1.1.1o)","",9.8
"6.0.3","`GN-24908 <https://ims.genians.com/jira/browse/GN-24908>`_","WebUI","Tomcat version upgrade (8.5.78)","",8.6
"6.0.3","`GN-24851 <https://ims.genians.com/jira/browse/GN-24851>`_","Center","Apache HTTP Server 2.4.53 upgrade","",9.8
"6.0.28","`GN-26452 <https://ims.genians.com/jira/browse/GN-26452>`_","WebUI","A vulnerability that can modify a user's immutable information","5.0.0, 6.0.0",2.2
"6.0.27","`GN-23501 <https://ims.genians.com/jira/browse/GN-23501>`_","","Change REST API calls to be made only through the management console port (8443)","",
"6.0.22","`GN-26723 <https://ims.genians.com/jira/browse/GN-26723>`_","WebUI","Vulnerability fixes that are not immediately reflected when the administrator's rights are changed","",3.3
"6.0.21, 6.0.16","`GN-28063 <https://ims.genians.com/jira/browse/GN-28063>`_","WebUI","A problem where blind injection is possible in the node management search bar","",2.2
"6.0.20, 6.0.16","`GN-27107 <https://ims.genians.com/jira/browse/GN-27107>`_","WebUI","Service disabled by executing a Tomcat restart command by an unauthorized administrator","5.0.41",2.7
"6.0.2","`GN-24689 <https://ims.genians.com/jira/browse/GN-24689>`_","WebUI","Issues where XSS is possible in Audit > Logs > Log Search","",4.3
"6.0.2","`GN-24687 <https://ims.genians.com/jira/browse/GN-24687>`_","WebUI","An issue where files can be accessed by relative paths on the debug log screen","",3.83
"6.0.2","`GN-24651 <https://ims.genians.com/jira/browse/GN-24651>`_","Center, macOS Agent, Windows Agent","Upgrading to the latest version of OpenSSL (OpenSSL 1.1.1n)","4.0.0, 5.0.0, 6.0.0",7.5
"6.0.2","`GN-24535 <https://ims.genians.com/jira/browse/GN-24535>`_","WebUI","Remove logstash","",5.9
"6.0.18, 6.0.16","`GN-26393 <https://ims.genians.com/jira/browse/GN-26393>`_","WebUI","Vulnerability where information can be modified by directly entering a URL to an unauthorised page","",3.1
"6.0.18, 6.0.16","`GN-26390 <https://ims.genians.com/jira/browse/GN-26390>`_","WebUI","File export permission bypass vulnerability for unauthorized administrators through the Audit Log REST API","",3.1
"6.0.17, 6.0.16","`GN-27492 <https://ims.genians.com/jira/browse/GN-27492>`_","WebUI","Tomcat version upgrade (8.5.94 -> 8.5.96/9.0.81 -> 9.0.83)","",7.5
"6.0.17, 6.0.16","`GN-27278 <https://ims.genians.com/jira/browse/GN-27278>`_","WebUI","Tomcat version upgrade (8.5.94/9.0.81)","",7.5
"6.0.17, 6.0.16","`GN-26315 <https://ims.genians.com/jira/browse/GN-26315>`_","WebUI","Improved two-step verification to limit the number of times the verification code can be entered and the time limit","",4.3
"6.0.17","`GN-26600 <https://ims.genians.com/jira/browse/GN-26600>`_","WebUI","The problem of not being able to log in after an abnormal API call","5.0.42, 5.0.49, 6.0.7, 4.0.156, 5.0.56",5.3
"6.0.16","`GN-27014 <https://ims.genians.com/jira/browse/GN-27014>`_","WebUI","A problem where Passkey can be registered using the Passkey re-registration function without permission ","",3.9
"6.0.16","`GN-26935 <https://ims.genians.com/jira/browse/GN-26935>`_","WebUI","Vulnerability where an html tag output as a department name is executed in a tree","5.0.0",1.2
"6.0.16","`GN-26835 <https://ims.genians.com/jira/browse/GN-26835>`_","Center","Command Injection vulnerability via SQL used to update data","",6.6
"6.0.16","`GN-26833 <https://ims.genians.com/jira/browse/GN-26833>`_","Sensor","nmap script tampering vulnerability during sensor NMDB update","",4.1
"6.0.16","`GN-26696 <https://ims.genians.com/jira/browse/GN-26696>`_","Sensor","Insufficient validation of incoming sensor events","",6.3
"6.0.16","`GN-26694 <https://ims.genians.com/jira/browse/GN-26694>`_","Center","Parameter injection vulnerability due to insufficient verification of download URLs","",6.6
"6.0.16","`GN-26383 <https://ims.genians.com/jira/browse/GN-26383>`_","WebUI","Vulnerability where html/script code can be injected","",5.3
"6.0.15","`GN-26814 <https://ims.genians.com/jira/browse/GN-26814>`_","Center","Code improvements to Bufferoverflow","",2
"6.0.15","`GN-26725 <https://ims.genians.com/jira/browse/GN-26725>`_","Linux Agent, macOS Agent, Windows Agent","[Agent] Added validation for events sent from the Center and sensors","",6.3
"6.0.15","`GN-26392 <https://ims.genians.com/jira/browse/GN-26392>`_","WebUI","Vulnerability that allows unprivileged administrators to download debug logs","",2.9
"6.0.15","`GN-26368 <https://ims.genians.com/jira/browse/GN-26368>`_","WebUI","Vulnerability where an administrator's API key is exposed to other administrators","",5.3
"6.0.15","`GN-26222 <https://ims.genians.com/jira/browse/GN-26222>`_","WebUI","A problem where redirection can be performed by modulating the returnURL parameter used when moving pages in the management console","",1.9
"6.0.14","`GN-26460 <https://ims.genians.com/jira/browse/GN-26460>`_","Windows Agent","A vulnerability that allows an ordinary user to obtain PC administrator rights via an agent","5.0.0, 6.0.0",4.6
"6.0.14","`GN-26391 <https://ims.genians.com/jira/browse/GN-26391>`_","WebUI","Vulnerability where an unauthorized administrator can view debug logs in real time","5.0.0, 6.0.0",2.9
"6.0.13","`GN-26286 <https://ims.genians.com/jira/browse/GN-26286>`_","WebUI","An issue where Google OTP 2-step verification can pass 2-step verification by receiving a new security key","",6.5
"6.0.12","`GN-26205 <https://ims.genians.com/jira/browse/GN-26205>`_","Database","MySQL version upgrade 5.7.40 -> 5.7.41","",
"6.0.12","`GN-26150 <https://ims.genians.com/jira/browse/GN-26150>`_","WebUI","Tomcat version upgrade (9.0.68 -> 9.0.72, 8.5.78 -> 8.5.86)","",
"6.0.12","`GN-26062 <https://ims.genians.com/jira/browse/GN-26062>`_","Center, macOS Agent, Sensor, Windows Agent","OpenSSL 1.1.1t upgrade - Passing random pointers to memcmp calls can read memory contents or cause denial of service","",7.4
"6.0.12","`GN-26000 <https://ims.genians.com/jira/browse/GN-26000>`_","MySQL","MySQL version upgrade 5.7.33 -> 5.7.40","",
"6.0.12","`GN-25869 <https://ims.genians.com/jira/browse/GN-25869>`_","CWP","A problem where only an account (ID) is authenticated when CWP is authenticated using the agent user authentication menu when the IP management message is first on","6.0.3, 5.0.46",3.4
"6.0.11","`GN-25982 <https://ims.genians.com/jira/browse/GN-25982>`_","WebUI","CSP and HSTS headers added to WebUI Response Headers ","",
"6.0.11","`GN-25875 <https://ims.genians.com/jira/browse/GN-25875>`_","Windows Agent","A problem where agents have high privileges when running a web browser","4.0.0, 5.0.0, 6.0.0",3.3
"6.0.11","`GN-25849 <https://ims.genians.com/jira/browse/GN-25849>`_","WebUI","WebUI lib vulnerability check","",
"6.0.11","`GN-25811 <https://ims.genians.com/jira/browse/GN-25811>`_","IPMGMT","A problem where you can log in with only a user ID via frontpage in the IP application system","",4.9
"6.0.10","`GN-25925 <https://ims.genians.com/jira/browse/GN-25925>`_","IPMGMT, WebUI","IP Application System > IP Application Screen XSS Possible Problems","",5.4
"6.0.10","`GN-25847 <https://ims.genians.com/jira/browse/GN-25847>`_","WebUI","Added a re-authentication procedure when accessing the user information modification page on the CWP screen","",4.2
"6.0.10","`GN-25740 <https://ims.genians.com/jira/browse/GN-25740>`_","WebUI","Issues where XSS is possible in Audit > Logs > Log search bar","",5.6
"6.0.1","`GN-24305 <https://ims.genians.com/jira/browse/GN-24305>`_","GNOS","2.4.52 version upgrade for Apache vulnerability measures","",9.8
"6.0.1","`GN-24253 <https://ims.genians.com/jira/browse/GN-24253>`_","WebUI","log4j vulnerability improvements","",9.8
"6.0.1","`GN-23714 <https://ims.genians.com/jira/browse/GN-23714>`_","Center","Complementing agent-related APIs with poor authentication","",4.6
"6.0.1","`GN-23461 <https://ims.genians.com/jira/browse/GN-23461>`_","WebUI","[SaaS] Saas security authentication source code inspection result measures","",9.1
"6.0.1","`GN-23446 <https://ims.genians.com/jira/browse/GN-23446>`_","gnlogin, WebUI","Handle passwords so that specific words cannot be used","",8.7
"6.0.0","`GN-24030 <https://ims.genians.com/jira/browse/GN-24030>`_","GNOS","Removing the reverse shell feature from the netcat (nc) command included with the product","",
"6.0.0","`GN-24014 <https://ims.genians.com/jira/browse/GN-24014>`_","Center","SOAP/REST restrictions that can be called via HTTP","",2.5
"6.0.0","`GN-23981 <https://ims.genians.com/jira/browse/GN-23981>`_","macOS Agent, Windows Agent","An abnormal termination issue due to packet manipulation of UDP events to the agent","",3.4
"6.0.0","`GN-23977 <https://ims.genians.com/jira/browse/GN-23977>`_","macOS Agent, Windows Agent","Fixed an XSS vulnerability when the agent displayed instant messages","",6.8
"6.0.0","`GN-23972 <https://ims.genians.com/jira/browse/GN-23972>`_","Center, Sensor","A problem where the daemon may terminate abnormally when processing UDP event packets","5.0.36",6.4
"6.0.0","`GN-23970 <https://ims.genians.com/jira/browse/GN-23970>`_","WebUI","Administrator login bypass vulnerability using mobile apps","",6.1
"6.0.0","`GN-23967 <https://ims.genians.com/jira/browse/GN-23967>`_","WebUI","REST API Command Injection","",6.7
"6.0.0","`GN-23966 <https://ims.genians.com/jira/browse/GN-23966>`_","WebUI","XSS attack vulnerability when applying as an Excel file when applying as a CWP user","",6.8
"6.0.0","`GN-23965 <https://ims.genians.com/jira/browse/GN-23965>`_","WebUI","Internal file download vulnerability via a relative path on the Agent Download page","5.0.37",5.2
"6.0.0","`GN-23794 <https://ims.genians.com/jira/browse/GN-23794>`_","WebUI","A problem where the REST API can be called even if there is no valid authentication base when calling the REST API","",4.9
"6.0.0","`GN-23743 <https://ims.genians.com/jira/browse/GN-23743>`_","Center","Improving Denial of Service (DoS) vulnerabilities through APIs","",6.4
"6.0.0","`GN-23708 <https://ims.genians.com/jira/browse/GN-23708>`_","Center","Complementing sensor-related APIs with poor authentication","",4.6
"6.0.0","`GN-23706 <https://ims.genians.com/jira/browse/GN-23706>`_","Center","Internally used SOAP API vulnerability exposed externally via RPC","",
"6.0.0","`GN-23705 <https://ims.genians.com/jira/browse/GN-23705>`_","WebUI","(KVE-2021-1062) Enhanced name validity check for the file upload component in Conf Engine","",6.7
"6.0.0","`GN-23702 <https://ims.genians.com/jira/browse/GN-23702>`_","WebUI","(KVE-2021-1062) SSTI vulnerability in CWP Design Template","",
"6.0.0","`GN-23701 <https://ims.genians.com/jira/browse/GN-23701>`_","Windows Agent","(KVE-2021-1062) Vulnerability where relative paths can be used when generating agent files","",6.1
"6.0.0","`GN-23700 <https://ims.genians.com/jira/browse/GN-23700>`_","Center","(KVE-2021-1061) A vulnerability that allows a node to change passwords even if you are not an authenticated user","",8.7
"6.0.0","`GN-23699 <https://ims.genians.com/jira/browse/GN-23699>`_","Center, Sensor","(KVE-2021-1061) Vulnerability where information from all nodes can be obtained without sensor information","",
"6.0.0","`GN-23663 <https://ims.genians.com/jira/browse/GN-23663>`_","macOS Agent, Windows Agent","Agent OpenSSL 1.1.1l update","",9.8
"6.0.0","`GN-23662 <https://ims.genians.com/jira/browse/GN-23662>`_","GNOS","Upgraded to openSSL version 1.1.1l","4.0.146, 5.0.44, 6.0.1",9.8
"6.0.0","`GN-23563 <https://ims.genians.com/jira/browse/GN-23563>`_","Center","Fixes to defend against command injection attacks","",8
"6.0.0","`GN-23533 <https://ims.genians.com/jira/browse/GN-23533>`_","Center","Improved so that unusable plug-ins are not delivered to agents","",7.6
"6.0.0","`GN-23500 <https://ims.genians.com/jira/browse/GN-23500>`_","Center","Improved SQL Injection defense processing method","",8.7
"6.0.0","`GN-23499 <https://ims.genians.com/jira/browse/GN-23499>`_","GNOS","Remove the vulnerable LD_LIBRARY_PATH environment variable within GNOS","",
"6.0.0","`GN-23488 <https://ims.genians.com/jira/browse/GN-23488>`_","WebUI","[SaaS] SaaS security authentication WAS (Tomcat) vulnerability improvements","",7.5
"6.0.0","`GN-23377 <https://ims.genians.com/jira/browse/GN-23377>`_","GNOS","Upgrading openssh to version 8.6p1","",
"6.0.0","`GN-23358 <https://ims.genians.com/jira/browse/GN-23358>`_","WebUI","[CC] Web vulnerability check results security","",6.5
"6.0.0","`GN-23237 <https://ims.genians.com/jira/browse/GN-23237>`_","GenianOS","Apache httpd (2.4.48)/tomcat (8.5.63) upgrade","",7.5
"6.0.0","`GN-23233 <https://ims.genians.com/jira/browse/GN-23233>`_","ElasticSearch","[CC] Elasticsearch upgraded to version 5.6.16","",8.8