Documentation for Security Event Manager

SEM 2023.2 release notes

Release date: April 18, 2023

These release notes were last updated on August 11, 2023.

These release notes describe the new features, improvements, and fixed issues in Security Event Manager (SEM) 2023.2. They also provide information about upgrades and describe workarounds for known issues.

New in SEM 2023.2

SEM 2023.2 offers new features and improvements compared to previous releases of SEM.

Event groups

Event groups allow you to group similar events together into a single category to initiate a specific event filter, rule, or condition.

You can create an event group that includes a custom family of alerts, save the group as an event group, and associate the group with your rules and filters. If you have multiple SEM instances, you can import an event group from another SEM instance or export all event groups to another SEM instance.

See Create event groups in the SEM Administrator Guide for details.

Improved tag management

You can now create and view tags from the Tag management window for queries.

Tags allow you to quickly identify specific user activity in your deployment. For example, if you are interested in monitoring a specific event in your deployment, you can create a new rule with a tag to display the color-coded tag notification on queries matching your defined criteria. You can also apply multiple tags to a single rule or keyword.

See Create and manage tags in the SEM Administrator Guide for details.

Improved manager to agent communications

This release implements several updates to ensure uninterrupted communications between the SEM Manager and agents and prevent unauthorized access to your SEM deployment. These updates include:

  • New SEM Manager and agent certificates

  • Agent certificate recovery

  • Automatic certificate updates

  • Endpoint identification

See Configure SEM to collect event data from systems and devices in the SEM Administrator Guide for details.

Email Active Response connector testing

After you set up an Active Response connector in the SEM Console, you can now test the connector by sending a test message to a targeted user. This process ensures that the connector can send an email response through your SMTP server to a targeted user when the connector detects an issue in your deployment.

See Edit an Active Response connector profile in the SEM Administrator Guide for details.

Changes to system requirements

Beginning with this release, the following Microsoft Windows operating systems are no longer supported:

  • Windows 7

  • Windows 8

  • Windows 8.1

  • Windows Server 2008

  • Windows Server 2008 R2

The following protocols are no longer supported:

  • Server Message Block version 1 (SMB1)

Fixed issues

SEM 2023.2 fixes the following issues.

| Case Number | Description |
|---|---|
| N/A | You can now display and hide disabled filters in your filters list. |
| N/A | Additional emails can now be accessed in a link. |
| N/A | By default, all widgets now reflect the selected tag in the subtitle and display a “No data to show” label for an empty state. |

CVEs

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

| CVE-ID | Vulnerability Title | Description | Severity |
|---|---|---|---|
| CVE-2021-28041 | OpenSSH ssh-agent double free flaw | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | High |
| CVE-2019-16905 | Pre-Auth Integer Overflow in the XMSS Key Parsing Algorithm in OpenSSH | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. The XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. | High |
| CVE-2004-2761 | The MD5 Message-Digest Algorithm Vulnerability | The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. | Medium |
| CVE-2023-20860 | Security Bypass With Un-Prefixed Double Wildcard Pattern | Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | High |
| CVE-2023-20861 | Spring Expression DoS Vulnerability | In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | Medium |

New customer installation

For details about installing SEM, see the SEM Installation and Upgrade Guide.

To prevent access by unauthorized users, SolarWinds recommends setting up your SEM appliance with no access to the Internet or any public-facing network. For additional security recommendations, see the SEM security checklists located in the SEM Administrator Guide.

Before you upgrade!

Migrate LDAP connectors (introduced in SEM 2020.4)

To facilitate a smooth migration, SolarWinds recommends that you remove any ambiguity in your Directory Service Tool connector configurations. Ensure that only one Directory Service Tool connector configuration is set up for each domain.

All Directory Service Tool connectors are removed during the migration.

Upgrade SEM agents

For AIX, HP-UX, and Solaris, agent installers are not shipped with OpenJDK. As a prerequisite, install Java by performing the following steps:

  1. Upgrade your Java installation to the latest version. See the system requirements for the supported versions.
  2. Upgrade the SEM agents using the latest custom Java installer.

    After you install and configure a SEM agent on an HP-UX server, the agent may not run as expected.

How to upgrade

Download the upgrade package from the SolarWinds Customer Portal.

Go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment. If you are upgrading from a previous version, use the resources described in this section to plan and implement your upgrade.

Before you upgrade to 2023.2, upgrade to 2020.2 or 2020.2.1 first. To upgrade from earlier versions, see the SEM Upgrade Path to help you plan and execute your upgrade.

CMC

Beginning in SEM 2020.4, a password is required to access the CMC command-line interface. The default CMC password is "password".

See Change the SEM CMC password in the SEM Administrator Guide for instructions on changing the password.

File system consistency check

After you complete the upgrade, your system may run a file system consistency check (fsck) during the reboot. This consistency check can last 30 minutes or more depending on the amount of data in the data partition.

With the Debian version upgrade, the file system initiates the consistency check on the 22nd reboot (after 21 mounts) or when six months have passed since the last check.

Supported connectors

See SEM connectors in the SEM Administrator Guide for a list of supported connectors.

Legal notices

© 2023 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.