Affected Product:
Product | Affected Version/Build | Patched Version/Build |
|---|---|---|
ConfigOS Command Center | 2.8.5.00219 and earlier | 2.8.5.00236 and later 2.8.6.74 (Internal Build) and Earlier |
Vulnerability Overview:
The following CVEs have been identified in third-party components used by our software:
Component | Component Info | CVE Identifier | CVE Information | CVE Severity |
ImageSharp | Graphic Library for .NET | CVE-2024-27929 | 7.1 (High) | |
Microsoft.Data.SqlClient | SQL Data Provider | CVE-2024-0056 | 8.7 (High) | |
System.Data.SqlClient | SQL Data Provider | CVE-2024-0056 | 8.7 (High) |
SteelCloud’s Current Response Status:
Our development team has already prioritized this issue and included a security update in the supported releases of our affected products. The security update includes the following changes:
The ImageSharp library has been removed from ConfigOS Command Center and will no longer be included in future releases.
System.Data.SqlClient has been upgraded to version 4.8.6 – Release Notes.
Microsoft.Data.SqlClient has been upgraded to version 5.1.3 – Release Notes.
These completed updates are being tested and will be released to customers as soon as we have verified all necessary functionality.
Your Required Actions:
To maintain the security of your environment, we strongly recommend that you update any installed instances of the affected product(s) as soon as possible. A separate alert will go out when patched releases are published to the customer portal.
Support and Inquiries:
Your security is of paramount importance to us. Should you have any questions or require further assistance, please do not hesitate to contact our support team at
(703) 674-5500, Option 2.
Or visit our Support Portal
