Documentation for Security Event Manager

SEM 2021.4 Release Notes

Last modified: 1/5/2022

This document summarizes new features, improvements, and fixed issues in Security Event Manager (SEM) 2021.4, additional features, and upgrade notes and workarounds for known issues.

For further information, see the SEM 2021.4 Administrator Guide.

For system requirements, see SEM 2021.4 System Requirements.

If you are looking for previous release notes for SEM, see Previous Version documentation.

New in SEM 2021.4

Added features and improvements

Improvements to Historical Events Search Queries including:

  • Queries panel added for faster access to saved queries
    Saved queries are now displayed as a tab on the left in the historical events view, allowing faster access and easier management.
  • Import/Export of saved queries
    Queries can be exported or imported as JSON files.
  • Added Favorites to saved queries
    Frequently used queries can now be marked as favorites and stored in the Favorites category for quicker access.

New customer installation

For information about installing SEM, see the SEM Installation Guide and the SEM Getting Started Guide. For system requirements, see the SEM 2021.4 System Requirements.

Before you upgrade

Migrate LDAP connectors (introduced in SEM 2020.4)

It is recommended that users remove any ambiguity in their Directory Service Tool connector configurations to allow the migration to run as smoothly as possible. This can be done by ensuring that only one Directory Service Tool connector configuration is set up per domain.

All Directory Service Tool connectors are removed during the migration.

Upgrade agents

For AIX, HPUX and Solaris, agent installers now only contain custom Java; this means customers need to install Java themselves as a prerequisite.

  1. Upgrade the Java installation to the latest version. See System Requirements for supported versions.
  2. Upgrade SEM agents using the latest custom Java installer.

How to upgrade

If you are upgrading from a previous version, use the following resources to plan and implement your upgrade.

SEM must be upgraded to 2020.2 or 2020.2.1 before upgrading to 2021.4. See the SEM Upgrade Path to help you plan and execute your upgrade.

Download the upgrade package from the SolarWinds Customer Portal.

CMC

Since SEM 2020.4, a password is required to access the CMC command-line interface. The default CMC password is password. See Change the SEM CMC password for instructions on changing this.

File system consistency check (fsck)

During your upgrade, the system may run fsck during reboot. This can last 30 or more minutes depending on the quantity of data in the data partition. With the Debian version upgrade, the file system is configured to initiate the check when either of the following conditions is met:

  • 21 mounts since the last check (during the 22nd reboot)

Or:

  • Six months since the last check
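
An added example, not part of the SolarWinds documentation: when planning the upgrade window, the two conditions above can be evaluated against `tune2fs -l` output for the data partition. It assumes an ext-family file system and that you can obtain that output; the sample text is constructed, and reading the limits from the output rather than hard-coding them generalizes beyond the two values listed.

```python
import re
from datetime import datetime, timedelta

# Fallback thresholds from the release notes; "six months" is what
# tune2fs reports as 15552000 seconds (180 days).
DEFAULT_MAX_MOUNTS = "21"
DEFAULT_INTERVAL = "15552000"

# Constructed sample of `tune2fs -l` output (not from a real appliance).
SAMPLE_TUNE2FS = """\
Filesystem state:         clean
Mount count:              21
Maximum mount count:      21
Last checked:             Tue Aug  3 09:15:42 2021
Check interval:           15552000 (6 months)
"""


def parse_fields(text):
    """Split 'Key:   value' lines into a dict; values may contain colons."""
    pattern = re.compile(r"^([^:\n]+):[ \t]+(.*)$", re.MULTILINE)
    return {m.group(1).strip(): m.group(2).strip() for m in pattern.finditer(text)}


def fsck_reasons(tune2fs_text, now):
    """Return the reasons the next boot would run fsck (empty list = none)."""
    f = parse_fields(tune2fs_text)
    mounts = int(f["Mount count"])
    max_mounts = int(f.get("Maximum mount count", DEFAULT_MAX_MOUNTS))
    seconds = int(f.get("Check interval", DEFAULT_INTERVAL).split()[0])
    interval = timedelta(seconds=seconds)
    last = datetime.strptime(f["Last checked"], "%a %b %d %H:%M:%S %Y")

    reasons = []
    # A limit of -1 or 0 means the mount-count check is disabled.
    if max_mounts > 0 and mounts >= max_mounts:
        reasons.append(f"mount count {mounts} has reached the limit of {max_mounts}")
    # An interval of 0 means the time-based check is disabled.
    if interval and now - last >= interval:
        reasons.append(f"{(now - last).days} days since the last check")
    return reasons


if __name__ == "__main__":
    found = fsck_reasons(SAMPLE_TUNE2FS, datetime(2022, 1, 5))
    print("fsck expected at next reboot:" if found else "no fsck expected", found)
```

An empty list means neither condition is met, so the reboot during the upgrade should not add the fsck delay.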

Supported connectors

The list of supported connectors can be found here.

Fixed issues

SEM 2021.4 fixes the following issues:

| Case Number | Description |
|---|---|
| 00762437 | Syslog is now also supported over TCP on port 1094, as required by some Cisco devices. |
| n/a | Validation violation message no longer stops certain operations from finishing. |
| n/a | SEM updated to JDK 16.0.2. |

Known issues

  • USB Defender service stops working after local policy USB detached
    Issue: USB Defender is set up with a Local policy. A USB device that is not on the Local policy whitelist is inserted and successfully disconnected by USB Defender. However, when the device is reinserted and successfully ejected one or more than ten times, the service fails.
    Resolution/Workaround: None.
  • [Rules builder] [Email templates] - Not possible to select Event Data in Email action for rule with single condition and occurrence settings
    Issue: After selecting Send Email Message in a single condition event rule, and selecting an email template, you cannot select Event Data as the value for the parameter.
    Resolution/Workaround: The rule must be triggered by one event only.
  • Unable to install macOS agent on Big Sur
    Issue: Unable to install the macOS agent on Big Sur.
    Resolution/Workaround: Execute/start the customerJava installer, kill it, and then execute the agent installer with bundled java.
  • "Set time when a rule won't trigger actions after rule was true" not working
    Issue: The "Set time when a rule won't trigger actions after rule was true" functionality in rules does not work.
    Resolution/Workaround: None.

Third Party Vulnerabilities

The following third-party vulnerabilities are fixed in SEM 2021.4.

| CVE-ID | Vulnerability Title | Description | Severity |
|---|---|---|---|
| CVE-2018-20685 | OpenSSH Vulnerability | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | Medium |
| CVE-2019-6109 | OpenSSH Vulnerability | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | Medium |
| CVE-2019-6111 | OpenSSH Vulnerability | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | Medium |
| CVE-2021-3580 | Debian DSA-4933-1 vulnerability | A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. | High |
| CVE-2021-20305 | Debian DSA-4933-1 vulnerability | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. | High |

End of life, end of support, and deprecation notices

End of life

| Version | EOL Announcements | EOE Effective dates | EOL Effective dates |
|---|---|---|---|
| 6.7 | May 18, 2021: End-of-Life (EoL) announcement – Customers on SEM versions 6.7, 6.7.1, and 6.7.2 should begin transitioning to the latest version of SEM. | August 18, 2021: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM versions 6.7, 6.7.1, and 6.7.2 will no longer be actively supported by SolarWinds. | August 18, 2022: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM versions 6.7, 6.7.1, and 6.7.2. |

End of support

| Type | Details |
|---|---|
| JDK 8 | With SEM 2021.4, Java 8 is no longer supported. |
| MSSQL Auditor | With SEM 2021.2, the MSSQL Auditor is no longer supported. The MSSQL Auditor connector will remain available. |
| Standalone Adobe Air Console | See the Adobe Flash End-of-Life page (© 2021 Adobe, available at adobe.com, retrieved April 12, 2021). |

Legal notices

© 2021 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.