Resolved Issues
The resolved issues addressed in the JSA 7.5.0 Update Package 5 are listed below:
- CVE-2022-43863 - JSA is vulnerable to privilege escalation.
- JSA is vulnerable to using components with known vulnerabilities.
- JSA apps can stop running on an app host after it is set up with High Availability (HA).
- Geographic tests performed within JSA can cause performance issues due to the XML parsing process.
- JSA dependency checker sometimes does not find dependent rules or building blocks.
- Restored config backups can cause an rpm mismatch between the rpm version of dsm, protocols, vis, and the jars installed.
- When overriding an eventID with two different CEF or LEEF keys using the DSM editor/LSX, only the first is properly parsed.
- The High Availability (HA) restore process allows a primary to be rebuilt as a secondary 500 appliance.
- The value of 'most recent results' in an offense report displays as a negative when using a different user account.
- Logging for tenant filtering only logs one tenant and reports incorrect values.
- 80xx log manager appliance type displays as 'event processor' in system and license management.
- A managed host can fail to inherit the correct license pool allocation when it has been re-added to a deployment.
- Patching from a mounted sfs file in /store is allowed by JSA but can cause high availability patching to fail.
- A user with a non-admin user role cannot re-assign or move a log source to a different group using the log source management app.
- The JSA pipeline can stop receiving all events due to a stringoutofboundsexception occurring.
- Error written to JSA logging: "There was an error reading authentication.properties. Settings will not be reloaded".
- Repetitive /var/log/audit.log messages are written after a failed protocol test using the log source management app.
- Glusterfs migration or pretest can fail after removing a 15xx appliance from the deployment.
- Replication process can take longer than expected on encrypted hosts after a high availability failover.
- TaskManagementRetentionAgent can overload Tomcat with threads, causing it to fail.
- Making a change on a high availability pair can cause an unexpected active node reboot and failover.
- JSA is unable to verify SAML signatures in some instances.
- Null Pointer Exception occurs during log source configuration where certificate key usage validation fails.
- Event to identify indexed value is 'NULL' is not generated by rules indexed by custom event properties.
- Unable to delete JSA user during reassignment of custom flow properties.
- 'Application error' can occur when disabling a user that has dependencies.
- Missing file /var/log/si-postgres-pam.log causes some services to fail to start up properly.
- Access to the user interface may be lost due to missing authorized service tokens.
- Event pipeline can stop due to secstoreforwarddestinationjava.lang.interalerror:sigbus.
- Scheduled reports can run on raw data, causing them to fail or take longer than expected to complete.
- AQL equality operators do not work with AQL xforce functions array output.
- Users cannot access log source management despite having manage log source and JSA log source management permissions.
- DSM parameter changes are not saved for environments with a single event collector.
- AQL searches with the conditions imatches or ilike return fewer results if the super index is used.
- Upgrading a detached host or HA standby with an expired license displays 'patch successful (with errors)'.
- Get_logs.sh does not run correctly on systems that no longer support MegaCLI.
- Geodata_update.sh returns false positive notifications on HA standby consoles.
- When running an AQL search with group by using a cep value that exceeds 1000 characters, the cep value is truncated.
- Modifying the rule 'multiple login failures for single username' might cause an NPE error when JSA is reading the rule.
- Hostdefinition building block VA scanner source IP is overwritten on every deploy if additional IP addresses are added.
- JSA.jsp call to licensekeymanager.areLicensesValid() causes a delay on login for customers having multiple managed hosts.
- Users patching from JSA 7.3.2 to JSA 7.5.0 might experience longer patch times than expected.
- New searches started in the offenses tab display incorrect time range options in the user interface.
- An application error occurs when a domain user attempts to assign an inactive offense.
- Authenticated HTTP request failure responses incorrectly redirect win collect configuration requests to the login page.
- Users who log in to JSA can receive an error 'invalid license key' when the license is valid.
- Reference data API source response does not reflect the requested API source value.
- Application upgrades can fail when a health check executes on all applications.
- System rule names that were modified have the old name in the offense summary.
- Use Case Manager exports fail while the session is in an open transaction state.
- Offense takes the offense start time from an older unrelated partial match event.
- Applications might fail to install because the application start time exceeds 500 seconds.
- QRM device backup failures caused by spillover cache.
- Domain mapped events might be incorrectly tagged to the default domain.
- In JSA, when IP addresses overlap during deployment, known hosts values can be removed.
- Authentication module settings page might be blank in JSA 7.5.0 Update Package 4.
- Offense summary page event/flow count field does not match the event count in log activity.
- Saving an LDAP repository can result in a nullpointerexception error, causing the login.conf file to go blank.
- Rules action for severity, credibility, and relevance are not properly displayed in the UI after an update.
- After you install the kernel and the reboot is complete, the installer hangs on a hardware check involving Myver and MegaCli.
- The software menu displays unsupported functionalities.
- The console displays as an event collector in the System and Licensing, License Appliance Type column.
- Log Analytics is missing from the installation wizard menu.
- The Network Insights installation fails without error.