ID: 6595
Title: if.include: Recognize duplicate interface items correctly
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.6.0i1
The recognition works correctly except in the following situation,
where the wrong network interface data is checked:
<ul>
<li><tt>Use description</tt> or <tt>use alias</tt> is configured in the
ruleset <tt>Network Interface and Switch Port Discovery</tt>.</li>
<li>Two or more network interfaces exist with same description or alias.</li>
<li>Only one network interface with this description or alias is discovered.</li>
<li>The discovered network interface does not rank first.</li>
</ul>
Now the index is attached if an alias or description exists at least twice.
ID: 6625
Title: Fixed possible failed mkbackup because of changed mknotifyd state file
Component: Core & setup
Level: 1
Class: Bug fix
Version: 1.6.0i1
The mknotifyd used specific names for a temporary file which was not excluded by
the mkbackup mechanism. When a backup was performed while the mknotifyd wrote its
state file, the backup could fail with an exception like this:
OSError: [Errno 2] No such file or directory: '/omd/sites/int_ma_5351/var/log/mknotifyd.state.new'
ID: 6597
Title: netapp_api_vs_traffic: Fixed pending services
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.6.0i1
The netapp_api_vs_traffic service always shows
<tt>Traffic vServer NAME PEND - Cannot compute check result: No time difference</tt>
This happens because the counter key used in the get_rate
function is not unique if multiple protocols are found.
ID: 6565
Title: Fixed possible XSS issues in Bookmarks snapin
Component: Multisite
Level: 1
Class: Security fix
Version: 1.6.0i1
We've discovered and fixed several possible XSS issues affecting
the Bookmarks snapin. These could be used to execute arbitrary
JavaScript code in the context of an authenticated user.
ID: 6609
Title: Fixed possible XSS on SNMP MIB upload page
Component: WATO
Level: 1
Class: Security fix
Version: 1.6.0i1
Using MIB files with specific names it was possible to trigger an XSS
on the MIB file administration page which only affected admin users.
ID: 6566
Title: Fixed possible XSS on agent update status views
Component: agents
Level: 1
Class: Security fix
Version: 1.6.0i1
Parts of the agent deployment status could be used to trigger XSS injections.
ID: 6567
Title: Fixed possible XSS on activate changes page
Component: WATO
Level: 1
Class: Security fix
Version: 1.6.0i1
It was possible to trigger an XSS issue using the change messages
in some situations.
ID: 6568
Title: Fixed possible XSS on custom icon management page
Component: WATO
Level: 1
Class: Security fix
Version: 1.6.0i1
Using icons with specific names it was possible to trigger an XSS
on the icon administration page which only affected admin users.
ID: 6611
Title: Fixed multiple reflected XSS attacks using AJAX calls
Component: WATO
Level: 1
Class: Security fix
Version: 1.6.0i1
Several AJAX calls with invalid content type setting could be used
to trigger XSS attacks.
ID: 6615
Title: Fixed unauthorized access to master control actions
Component: Multisite
Level: 2
Class: Security fix
Version: 1.6.0i1
As an authenticated guest user it was possible to gain unauthorized access to
the master control snapin actions even if it is not possible to open the
master control snapin. The vulnerability could be used to disable the complete
monitoring or trigger other actions like disabling notifications.