Affected Product:
Product | Affected Version/Build | Patched Version/Build |
|---|---|---|
ConfigOS Command Center 2.8.5 | 2.8.5.00219 and earlier | 2.8.6.74 (Internal Build) and Earlier5.00236 and later |
ConfigOS Command Center 2.8.6 | 2.5.00236 and later8.6 (Internal Build) and Earlier | 2.8.6.74 and later |
...
Vulnerability Overview:
The following CVEs have been identified in third-party components used by our software:
Component | Component Info | CVE Identifier | CVE Information | CVE Severity |
ImageSharp | Graphic Library for .NET | CVE-2024-27929 | 7.1 (High) | |
Microsoft.Data.SqlClient | SQL Data Provider | CVE-2024-0056 | 8.7 (High) | |
System.Data.SqlClient | SQL Data Provider | CVE-2024-0056 | 8.7 (High) |
...
SteelCloud’s Current Response Status:
Our development team has already prioritized this issue and included a security update in the supported releases of our affected products. The security update includes the following changes:
The ImageSharp library has been removed from ConfigOS Command Center and will no longer be included in future releases.
.Net Framework 6.0 has been upgraded to 8.0.
System.Data.SqlClient has been upgraded to version 4.8.6
.
Microsoft.Data.SqlClient has been upgraded to version 5.1.3 – Release Notes.
These completed updates are being tested and will be released to customers as soon as we have verified all necessary functionality.
...
Your Required Actions:
To maintain the security of your environment, we strongly recommend that you update any installed instances of the affected product(s) as soon as possible. A separate alert will go out
We will send a separate update email when patched releases are published to the customer portal.
...
Support and Inquiries:
Your security is of paramount importance to us. Should you have any questions or require further assistance, please do not hesitate to contact our support team at
(703) 674-5500, Option 2.
...