Documentation for Security Event Manager

SEM 2024.2 release notes

Release date: April 17, 2024

These release notes were last updated on April 24, 2024.

Here's what's new in Security Event Manager 2024.2.

New features and improvements in SEM

Software license recycling

License recycling allows you to collect and reuse your subscription or perpetual SEM licenses from nodes that are offline and failed to send an event to the SEM Manager within a specified amount of time. You can apply license recycling to all network nodes, selected nodes, or all nodes except your selected nodes.

License recycling helps you minimize your IT software expenses by maximizing your Universal (SEM) and Workstation Edition (SWE) license pools. You can repurpose your SEM licenses to collect log data, monitor event traffic, and view historical events from only active non-agent devices and workstations in your deployment.

See Recycle SEM licenses for more information.

Publish reports using SMB file sharing

You can publish SEM reports to a file share on one external server using server message block (SMB) file sharing. This feature can help you streamline your SEM report delivery to department and management servers where authorized personnel can access their requested reports in a timely manner. You can configure SMB file sharing to one or more shares on a single Windows server.

When you run or schedule a SEM report, you can select an SMB configuration as a sharing option.

SMB uses SSH to ensure that all reports sent to an external server are secure in transit from unauthorized users.

See (Optional) Set up SMB file sharing to a Windows server in the SEM Administrator Guide for more information.

Contextual help for events and event properties

This release includes contextual help for all events included with SEM. When you click the Events drop-down menu and hover over the information icon in an event name, a pop-up window displays with a description of the event.

The following example shows the contextual help in the Events drop-down menu when you create a new rule.

If the event includes an event property, you can view the contextual help for the property.

When you create a new rule, you can mouse over the event to access the contextual help for the event.

You can access contextual help for each event in the Events drop-down menus when you:

Updated Linux Debian packages

This release includes updated Linux Debian packages on the SEM Manager appliance to further harden the application.

Updated Java Runtime Environment (JRE)

This release includes Open Java Development Kit (OpenJDK) 17.0.10 Long Term Support (LTS). This JRE version is the same version installed on the SEM Manager appliance. OpenJDK is an open source implementation of the Oracle Java platform.

Updated Apache Tomcat

This release includes Apache Tomcat 9.0.85, which provides additional enhancements to further harden the application.

Other improvements

  • Spring Web 5.3.32

Fixes

Case number Description
00107654, 00116948, 00346938, 00354891 When you recycle a license, the inactive node is removed from the license pool.
00554923 When you run the SolarWinds Installer, the installer no longer hangs during the installation procedure.
01063650 When you run the SolarWinds Installer, the installer no longer hangs during the upgrade procedure.
00686391, 00721268, 00976672, 01066283, 01125113, 01209605 The SEM agents now send log messages to the SEM Manager without generating an error.
01273120 The SEM Manager can now communicate with all SEM agents in a deployment.
01292939 The Historical Events & Reports tab now displays all historical events.
01352155 The Configure > Directory service groups page now displays the correct connection information for each service group.
01324708 When you create a new rule, the rule now displays correctly in the Rules screen.
01324708 When you save a new rule, the rule is saved successfully.
01364989 SEM no longer generates multiple alerts after upgrading to version 2023.2.
01292939 When you create a search in the Historical Events & Reports tab, the search generates the correct events based on your search parameters.
01414779, 01450379 When you enable log forwarding, the log messages are forwarded correctly to third-party systems.
01497514 Beginning in version 2023.4, all SEM web-based regulatory and compliance reports previously located in the SEM Reports console are now located in the Historical Events and Reports tab. See Locate migrated SEM audit reports in the SEM Administrator Guide to locate the previous report queries in the Historical Events and Reports tab.
01584460, 01586140, 01587735 The SEM upgrade installer no longer generates an error message “Error: apt-get install failed” when you upgrade from a previous version to version 2024.2.

Third Party CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

CVE-ID Vulnerability title Description Severity
CVE-2024-23672 OpenSSH Privilege Escalation Vulnerability Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption.

4.0
Medium

CVE-2019-16905 OpenSSH Pre-Auth Integer Overflow Vulnerability OpenSSH 7.7 through 7.9, and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm.

7.8
High

CVE-2021-28041 OpenSSH Double Free Vulnerability ssh-agent in OpenSSH before 8.5 has a double free vulnerability that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

7.1
High

CVE-2021-41617 OpenSSH Privilege Escalation Vulnerability sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

7.0
High

CVE-2020-14145 OpenSSH Man-in-the-Middle Vulnerability

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. If exploited, this would allow man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

NOTE: Some reports state that 8.5 and 8.6 are also affected.

5.9
Medium

CVE-2019-6111 OpenSSH Man-in-the-Middle Vulnerability

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented).

A malicious scp server (or Man-in-the-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

5.9
Medium

CVE-2019-6110 OpenSSH Man-in-the-Middle Vulnerability In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-the-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

6.8
Medium

CVE-2019-6109 OpenSSH Man-in-the-Middle Vulnerability

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm.

NOTE: The XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

6.8
Medium

CVE-2018-20685 OpenSSH SCP client improper directory name validation In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

5.3
Medium

Vulnerability scans flagged the Java version in use as vulnerable. SolarWinds does not use Java through the methods affected by the following CVEs. See SolarWinds Products and Oracle Java SE Vulnerabilities for more information.

CVE-ID Vulnerability title Description Severity
CVE-2024-20918 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

7.4
High

CVE-2024-20919 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

5.9
Medium

CVE-2024-20921 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

5.9
Medium

CVE-2024-20926 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

5.9
Medium

CVE-2024-20945 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).

4.7
Medium

CVE-2024-20952 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4.

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

7.4
High

CVE-2024-20932 Broken Access Control Vulnerability

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4.

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

7.4
High

Before you upgrade!

Upgrade the SEM agents

For AIX, HP-UX, and Solaris, agent installers are not shipped with OpenJDK. As a prerequisite, install Java by performing the following steps:

  1. Upgrade your Java installation to the latest version (Java 11 or equivalent). See the system requirements for the supported versions.

  2. Upgrade the SEM agents using the latest custom Java installer.

    After you install and configure a SEM agent on an HP-UX server, the agent may not run as expected.

Installation or upgrade

For new installations, you can download the installation file from the product page on https://www.solarwinds.com or from the Customer Portal. For more information, see Get the installer.

For upgrades, go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment (all SolarWinds Platform products and any scalability engines).

For more information, see the SolarWinds Platform Product Installation and Upgrade Guide.

You must be on SEM 2023.4 or later to upgrade to SEM 2024.2. If you are on a version earlier than SEM 2023.4, first upgrade to 2023.4 and then upgrade to 2024.2.

To prevent access by unauthorized users, SolarWinds recommends setting up your SEM appliance with no access to the Internet or any public-facing network. For additional security recommendations, see Secure your SEM deployment located in the SEM Administrator Guide.

Known issues

There currently is no macOS agent

Workaround: Forward all syslogs from the macOS system.

End of life

Version EoL announcement EoE effective date EoL effective date
2023.2 April 17, 2024: End-of-Life (EoL) announcement – Customers on SEM version 2023.2 should begin transitioning to the latest SEM version. November 1, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2023.2 will no longer be actively supported by SolarWinds. April 17, 2025: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2023.2.
2022.4 November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2022.4 should begin transitioning to the latest SEM version. April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.4 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.4.
2022.2.2 November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2022.2.2 should begin transitioning to the latest SEM version. April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2.2 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2.2.
2022.2.1 November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2022.2.1 should begin transitioning to the latest SEM version. April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2.1 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2.1.
2022.2 November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2022.2 should begin transitioning to the latest SEM version. April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2.
2021.4 November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2021.4 should begin transitioning to the latest SEM version. April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.4 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.4.
2021.2.1 November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2021.2.1 should begin transitioning to the latest SEM version. April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.2.1 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.2.1.
2021.2 November 1, 2023: End-of-Life (EoL) announcement – Customers on SEM version 2021.2 should begin transitioning to the latest SEM version. April 16, 2024: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.2 will no longer be actively supported by SolarWinds. November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.2.

See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier SEM versions, see SEM release history.

End of support

This version of Security Event Manager no longer supports the following platforms and features.

Type Details
Reports application

The SEM Reports application is no longer supported. To create your regulatory and compliance reports, use the integrated reports functionality included in this release.

See Create regulatory and compliance reports in the SEM Administrator Guide for details about creating SEM reports.

Legal notices

© 2024 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.