SEM 2023.4 release notes
Release date: October 18, 2023
These release notes were last updated on February 27, 2024.
Here's what's new in Security Event Manager 2023.4.
Learn more
- See the SEM 2023.4 system requirements.
- For information about working with SEM, see the SEM 2023.4 Administrator Guide.
New features and improvements in SEM
Web-based regulatory and compliance reports
You can now generate web-based reports from historical search queries in the Historical Events and Reports tab. The reports convert your historical search queries into pie charts and tables to help you identify potential issues and make informed decisions about your network activity.
You can schedule the reports to be sent automatically to all stakeholders as an email attachment or an external server using a secure file transfer protocol (SFTP) connection. This new feature replaces the SEM Reports application included in version 2023.2.1 and earlier used to generate your reports.
You can save a report as a CSV or PDF file. The PDF file includes additional bookmarked report views, such as Top 10 Event Types and Top 10 IP Addresses. The report also includes a Details view that consolidates the report details into columned tables.
In the Historical Events screen, you can view your queries by name or scheduled query and group the queries by type, category, or tag. This option allows you to identify specific user activity in your deployment and generate on-demand or scheduled reports for your IT and management personnel based on your selected view option.
See Create regulatory and compliance reports for details.
Enhanced tag management
This release enables tag management shared between rules and queries. You can also choose a tag used in other parts of the system in rules.
The Tag management screen will display which tags are used by other queries or rules. When a tag is added to the rule, the Tag management screen will increase with the number of rules and rule templates associated to each tag displayed in the screen. Administrators can filter the tag list using the Refine Results panel.
See Create and manage tags for details.
Secure SFTP connections to external servers
You can now save your SEM reports to one or more Microsoft Windows servers using a secure file transfer protocol (SFTP) connection. This option ensures that you can deliver large reports that may exceed your email requirements to one or more Windows servers in your organization.
See Set up SFTP connections to external servers for details.
Email attachment size setting
You can now restrict the email attachment size to conform with your email provider restrictions. This setting will alert you when a scheduled or generated report exceeds the maximum attachment size up to 10 GB.
See Set the maximum email attachment size for details.
Time of day groups
Time of day groups are groups of hours that you associate with rules and filters to execute different actions at various times of the day. You can create as many groups as required to reflect your business needs.
For example, if you create time of day groups for both normal and after business hours, you can assign separate rules to each group. For normal business hours, you can create a new rule to alert your system administrator using email. For after business hours, you can assign a rule to alert a night shift administrator and automatically shut down the offending system.
SEM includes templates highlighted with the template 
icon to help you get started.
See Create time of day groups for details.
Updated OpenJDK LTS
This release includes Open Java Development Kit (OpenJDK) 17.0.8 Long Term Support (LTS) on the SEM Manager appliance. OpenJDK is an open source implementation of the Oracle Java platform.
Fixes
| Case number | Description |
|---|---|
|
00435647 01291452 01366691 01373573 01385438 |
The SAN certificates now support a hostname and fully qualified domain name (FQDN). |
|
00870961 |
You can now import a Certificate of Authority (CA) certificate to the SEM Appliance. |
|
01134704 |
You can now configure a report to generate between 12 AM and 11:59 PM. |
|
01293393 |
You can now upgrade SEM on a deployment hosted on Amazon Web Services (AWS). |
|
01273120 |
SEM no longer crashes after you reboot the system hosting the SEM Appliance. |
|
N/A |
Historical Events now displays past events that occurred in your deployment. |
|
01324708 |
When an event meets a rule condition, the SEM Manager now responds to the event in real time. |
|
01401099 01414510 01438189 |
SEM no longer generates an error when you start the application. |
|
01400561 01429051 01448547 |
You can now increase the capacity of an SEM virtual appliance without generating an error. |
CVEs
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
| CVE-ID | Vulnerability Title | Description | Severity |
|---|---|---|---|
|
CVE-2019-16905 |
OPENSSH XMSS KEY INTEGER OVERFLOW Vulnerability |
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: The XMSS implementation is considered experimental in all released OpenSSH version, and there is no supported way to enable it when building portable OpenSSH. |
High |
| CVE-2023-20867 | Information Disclosure Vulnerability | A fully compromised ESCi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | Low |
| CVE-2023-20900 | Privilege Escalation Vulnerability | A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html. | High |
| CVE-2023-4911 | Buffer overflow vulnerability |
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. |
High |
* Please Note: CVE-2023-4911 is not exploitable in previous versions because we do not allow any commands to be run outside of the CMC scripted shell menu. The patch was applied for the operating system and we have updated the release notes to reflect this change.
Installation or upgrade
For new installations, you can download the installation file from the product page on https://www.solarwinds.com or from the Customer Portal. For more information, see the SEM Installation and Upgrade Guide.
For upgrades, see Upgrade SEM in the SEM Administrator Guide to determine the upgrade path, review best practices for SEM upgrades, and upgrade the SEM components.
Before you upgrade!
Migrate the LDAP connectors (introduced in SEM 2020.4)
To facilitate a smooth migration, SolarWinds recommends that you remove any ambiguity in your Directory Service Tool connector configurations. Ensure that only one Directory Service Tool connector configuration is set up for each domain.
Upgrade the SEM agents
For AIX, HPUX and Solaris, agent installers are not shipped with OpenJDK. As a prerequisite, install Java by performing the following steps:
-
Upgrade your Java installation to the latest version (Java 11 or equivalent). See the system requirements for the supported versions.
-
Upgrade the SEM agents using the latest custom Java installer.
After you install and configure a SEM agent on an HP-UX server, the agent may not run as expected.
Known issues
Unable to generate a predefined query report
When you generate a predefined query report, the report fails to start.
Workaround: Remove the "/" character in the query name and regenerate the report.
There currently is no macOS agent
Workaround: Forward all syslogs from the macOS system.
Deprecation notice
The following platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features.
| Type | Details |
|---|---|
| Reports application |
The SEM reports application is deprecated and should no longer be used. The application's ability to report from SEM will be removed in a future release. SolarWinds recommends using the new integrated reports functionality included with this release. These reports include the same reporting functionality. |
End of life
| Version | EoL announcement | EoE effective date | EoL effective date |
|---|---|---|---|
| 2022.4 | November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2022.4 should begin transitioning to the latest SEM version. | April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.4 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.4. |
| 2022.2.2 | November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2022.2.2 should begin transitioning to the latest SEM version. | April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2.2 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2.2. |
| 2022.2.1 | November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2022.2.1 should begin transitioning to the latest SEM version. | April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2.1 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2.1. |
| 2022.2 | November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2022.2 should begin transitioning to the latest SEM version. | April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2022.2 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2022.2. |
| 2021.4 | November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2021.4 should begin transitioning to the latest SEM version. | April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.4 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.4. |
| 2021.2.1 | November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2021.2.1 should begin transitioning to the latest SEM version. | April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.2.1 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.2.1. |
| 2021.2 | November 1, 2023: End-of- Life (EoL) announcement – Customers on SEM version 2021.2 should begin transitioning to the latest SEM version. | April 16, 2024: End-of- Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM 2021.2 will no longer be actively supported by SolarWinds. | November 1, 2024: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version 2021.2. |
See the End of Life Policy for information about SolarWinds product life cycle phases. To see EoL dates for earlier SEM versions, see SEM release history.
Legal notices
© 2023 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.