CVE-2021-37698 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-37698 Interim 1 14 2025-02-17T00:31:41Z current 2021-08-21T01:13:41Z 2025-02-17T00:31:41Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-37698 Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Such instances should also change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. There are no workarounds aside from upgrading. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2022-October/012665.html E-Mail link for SUSE-SU-2022:3725-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Manager Client Tools Beta for SLE 12 SUSE Manager Client Tools for SLE 12 openSUSE Tumbleweed icinga icinga2-2.13.1-1.3 icinga2-2.8.2-3.6.1 icinga2-bin-2.13.1-1.3 icinga2-bin-2.8.2-3.6.1 icinga2-common-2.13.1-1.3 icinga2-common-2.8.2-3.6.1 icinga2-doc-2.13.1-1.3 icinga2-doc-2.8.2-3.6.1 icinga2-ido-mysql-2.13.1-1.3 icinga2-ido-mysql-2.8.2-3.6.1 icinga2-ido-pgsql-2.13.1-1.3 icinga2-ido-pgsql-2.8.2-3.6.1 icinga2-libs-2.8.2-3.6.1 nano-icinga2-2.13.1-1.3 vim-icinga2-2.13.1-1.3 vim-icinga2-2.8.2-3.6.1 icinga2-2.8.2-3.6.1 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-bin-2.8.2-3.6.1 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-common-2.8.2-3.6.1 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-doc-2.8.2-3.6.1 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-ido-mysql-2.8.2-3.6.1 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-ido-pgsql-2.8.2-3.6.1 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-libs-2.8.2-3.6.1 as a component of SUSE Linux Enterprise Module for HPC 12 vim-icinga2-2.8.2-3.6.1 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-2.13.1-1.3 as a component of openSUSE Tumbleweed icinga2-bin-2.13.1-1.3 as a component of openSUSE Tumbleweed icinga2-common-2.13.1-1.3 as a component of openSUSE Tumbleweed icinga2-doc-2.13.1-1.3 as a component of openSUSE Tumbleweed icinga2-ido-mysql-2.13.1-1.3 as a component of openSUSE Tumbleweed icinga2-ido-pgsql-2.13.1-1.3 as a component of openSUSE Tumbleweed nano-icinga2-2.13.1-1.3 as a component of openSUSE Tumbleweed vim-icinga2-2.13.1-1.3 as a component of openSUSE Tumbleweed icinga as a component of SUSE Manager Client Tools Beta for SLE 12 icinga as a component of SUSE Manager Client Tools for SLE 12 Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Such instances should also change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. There are no workarounds aside from upgrading. CVE-2021-37698 SUSE Linux Enterprise Module for HPC 12:icinga2-2.8.2-3.6.1 SUSE Linux Enterprise Module for HPC 12:icinga2-bin-2.8.2-3.6.1 SUSE Linux Enterprise Module for HPC 12:icinga2-common-2.8.2-3.6.1 SUSE Linux Enterprise Module for HPC 12:icinga2-doc-2.8.2-3.6.1 SUSE Linux Enterprise Module for HPC 12:icinga2-ido-mysql-2.8.2-3.6.1 SUSE Linux Enterprise Module for HPC 12:icinga2-ido-pgsql-2.8.2-3.6.1 SUSE Linux Enterprise Module for HPC 12:icinga2-libs-2.8.2-3.6.1 SUSE Linux Enterprise Module for HPC 12:vim-icinga2-2.8.2-3.6.1 openSUSE Tumbleweed:icinga2-2.13.1-1.3 openSUSE Tumbleweed:icinga2-bin-2.13.1-1.3 openSUSE Tumbleweed:icinga2-common-2.13.1-1.3 openSUSE Tumbleweed:icinga2-doc-2.13.1-1.3 openSUSE Tumbleweed:icinga2-ido-mysql-2.13.1-1.3 openSUSE Tumbleweed:icinga2-ido-pgsql-2.13.1-1.3 openSUSE Tumbleweed:nano-icinga2-2.13.1-1.3 openSUSE Tumbleweed:vim-icinga2-2.13.1-1.3 SUSE Manager Client Tools Beta for SLE 12:icinga SUSE Manager Client Tools for SLE 12:icinga moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N