Genian NAC 5.0.55 (LTS) Release Notes (2025-02-03)

Last Updated: 2025-02-03

Security Vulnerability

Revision Key Components Description Affects Versions CVSS Score
125681 GN-28063 WebUI A problem where blind injection is possible in the node management search bar   2.2
125400 GN-27107 WebUI Service disabled by executing a Tomcat restart command by an unauthorized administrator 5.0.41 2.7
125328 GN-27242 WebUI A vulnerability where SQL injection is possible through the user search screen in NAC 5.0 5.0.15 4.8
123778 GN-26393 WebUI Vulnerability where information can be modified by directly entering a URL to an unauthorised page   3.1
123254 GN-26390 WebUI File export permission bypass vulnerability for unauthorized administrators through the Audit Log REST API   3.1
122614 GN-27492 WebUI Tomcat version upgrade (8.5.94 -> 8.5.96/9.0.81 -> 9.0.83)   7.5
121389 GN-26315 WebUI Improved two-step verification to limit the number of times the verification code can be entered and the time limit   4.3
120866 GN-27278 WebUI Tomcat version upgrade (8.5.94/9.0.81)   7.5
120379 GN-26935 WebUI Vulnerability where an html tag output as a department name is executed in a tree 5.0.0 1.2
120379 GN-26865 WebUI XSS input vulnerability in dashboard widget settings   1.2
120379 GN-26835 Center Command Injection vulnerability via SQL used to update data   6.6
120379 GN-26833 Sensor nmap script tampering vulnerability during sensor NMDB update   4.1
120379 GN-26814 Center Code improvements to Bufferoverflow   2
120379 GN-26725 Linux Agent, macOS Agent, Windows Agent [Agent] Added validation for events sent from the Center and sensors   6.3
120379 GN-26696 Sensor Insufficient validation of incoming sensor events   6.3
120379 GN-26694 Center Parameter injection vulnerability due to insufficient verification of download URLs   6.6
120379 GN-26383 WebUI Vulnerability where html/script code can be injected   5.3
120379 GN-26222 WebUI A problem where redirection can be performed by modulating the returnURL parameter used when moving pages in the management console   1.9

New Features and Improvements

Revision Key Components Description Affects Versions
130183 GN-28953 Linux Agent Linux Agent, OSID addition task (5.0)  
129529 GN-28738   Agent Windows Server 2022 support  
127334 GN-28368 macOS Agent macOS agent supports newly released macOS 15 (codename Sequoia) 5.0.0, 6.0.0
125153 GN-27973 Center, macOS Agent, Sensor, Windows Agent OpenSSL 3.0.13, 1.1.1w upgrade - excessive resource usage during X.509 policy constraint checking 4.0.0, 5.0.0, 6.0.0
123469 GN-27625 Sensor Fixed an issue where pubilc IP cannot be imported when changing sensor operation modes and policies  
122691 GN-27462 Windows Agent Improved to download only cosign files corresponding to the operating system (64/32 bit) when installing the file distribution V2 plug-in 5.0.42, 4.0.155, 6.0.15, 5.0.55 (LTS), 5.0.56, 5.0.57
122238 GN-27164 VRRPD [General-purpose OS] A problem where the redundant configuration switches to the slave state due to an interface status check failure after switching to the master state 5.0.42
122215 GN-27402 WebUI API improvements so that start/end times can be set when modifying MAC policies  
122178 GN-27390 Center, WebUI Improved so that data in the /disk/data/report directory is also deleted when setting the number of reports to be saved  
121929 GN-27241 macOS Agent Improved so that agents can validate server events when using macOS multi-policy servers  
121892 GN-27248 Linux Agent Linux Agent, improved so that agents can validate server events when using multiple policy servers  
121742 GN-26627 WebUI Improved so that the authentication screen is not displayed again on CWP Web after agent authentication while the CWP web page is output  
121119 GN-27269 -Unknown/None- Remove unnecessary permissions from apache/tomcat-related directories and files  
120558 GN-26325 GNOS Fixed an issue where procmond was executed repeatedly when running httpd-driven scripts  
120405 GN-27146 Center A problem where the password entered by the user remains in the central debug file when linking external authentication via extauth fails  
120379 GN-27207 Windows Agent Improved so that agents can validate server events when using multiple policy servers  
120379 GN-27206 Center, Sensor Added the ability to export trusted nodeids from the center to sensors and agents  
120379 GN-27142 Windows Agent Change the integration module to support the new version of the pill  
120379 GN-27121 Center, macOS Agent macOS agent support for new OS 14.0 (Sonoma)  
120379 GN-27046 WebUI Added IP/MAC additional field items to node registration, batch node registration, and node attribute import  
120379 GN-27045 WebUI Added the ability to output additional IP and MAC fields newly added to the node management list  
120379 GN-27038 WebUI Fixed an issue where webssh could not be connected after the openssh version was upgraded  
120379 GN-27031 Center, Sensor [General-purpose OS] Local privilege escalation vulnerability in Ubuntu OverlayFS module  
120379 GN-27013 WebUI Improved so that items set to markdown can be converted  
120379 GN-27010 GenianOS GNOS OpenSSH version upgrade (8.6p1->9.3p2)  
120379 GN-26988 macOS Agent Improved functionality so that the approval window is not displayed when using the macOS file distribution plug-in V2  
120379 GN-26987 Linux Agent Improved functionality so that the approval window is not displayed when using the Linux Agent and File Distribution Plug-in V2  
120379 GN-26981 Center, Linux Agent, macOS Agent, WebUI, Windows Agent Improved functionality so that the approval window is not displayed when using the distribution plug-in V2  
120379 GN-26879 WebUI IP/MAC additional field management function added  
120379 GN-26838 Ubuntu(Debian) [General-purpose OS] ICMP Timestamp support removed  
120379 GN-26792 Center, Sensor Enhanced validation of policy server incoming events  
120379 GN-26791 WebUI Expand up to 20 custom fields that can be used when registering nodes in batches (uploading csv files)  
120379 GN-26789 Genian Syncer Electronic signature verification of operating information data synchronized with Genian Sinker  
120379 GN-26778 Center Add node group conditions related to the IP/MAC additional field  
120379 GN-26766 Center, macOS Agent Development of distribution plugins based on macOS Sigstore electronic signatures  
120379 GN-26730 macOS Agent macOS agent ZTNA applies a new icon and changes the connection display  
120379 GN-26729 macOS Agent Symptoms of not being able to collect AhnLab V3 information when using the macOS agent vaccine information collection plug-in  
120379 GN-26724 Sensor Improved port module kernel upgrade (2.6.38->4.14.196) for Axgate 80D and 200AX models  
120379 GN-26644 Windows Agent Change the Center CA certificate installation option to default ON and change the execution cycle  
120379 GN-26563 Sensor Improved so that the sensor can manage the Alias IP band without setting Alias IP in the sensor interface  
120379 GN-26479 Sensor Improved so that the blocking node is unblocked when shutting down via the sensor reboot/poweroff command  
120379 GN-26462 WebUI Improved so that customer information is not displayed on the management UI login screen  
120379 GN-26381 WebUI Add an organization name (USER_COMPANY) column to the user management list  
120379 GN-26359 Windows Agent Added a feature to force the use of Windows's 'Wi-Fi random hardware address option'  
120379 GN-26329 Windows Agent Added a feature that allows you to forcibly disable the Windows logon screen display settings when controlling the screen saver  
120379 GN-26321 WebUI A problem where the OS type combo box on the device group screen is output as an empty value  
120379 GN-26192 WebUI SAML Service Provider Metadata Creation Function  
120379 GN-26186 Center Improved the part where the audit log type did not match due to event key mismatch 5.0.33
120379 GN-26183 WebUI Fixed so that the end date of use of the IP application system is not displayed by default on the same day when applying for an IP  
120379 GN-26171 CWP Improved so that the administrator's ID is not displayed in CWP announcements  
120379 GN-26167 Authsync Postgresql package upgrade to support SCRAM-SHA-256 authentication  
120379 GN-26123 WebUI Improved the part where millisecond values are output in the DateTime value of emails sent after listening to the user  
120379 GN-26105 WebUI Improvement of the width (width) of the node management operation status chart  
120379 GN-26043 Sensor Improved so that authentication and encryption algorithms can be selected when the SNMP Agent is running  
120379 GN-26037 WebUI Improved so that a reason input pop-up window appears when approving/rejecting on the user application details page  
120379 GN-26031 Center, Database Adding node group conditions using system information (motherboard) collected by agents  
120379 GN-25993 Center Ability to restore previous versions of GPDB/NMDB updates  
120379 GN-25959 Center Improved to leave an audit log when automatically returning  
120379 GN-25940 Linux Agent Linux Agent, offline installation package creation tool development  
120379 GN-25921 Linux Agent Linux Agent, log cleaning function added  
120379 GN-25540 GenianOS Change the CA certificate validity period to 10 years  
120379 GN-23316 Center Simplifying upgrades by including sensors/agents in the Policy Server image  
120379 GN-22197 Center Added a function to enable OAUTH 2.0 ROPC authentication  

Issues Fixed