CIS-CAT Assessor and v4 Service April 2022 Vulnerability Updates


Product Name: CIS-CAT Pro Assessor, CIS-CAT Pro Assessor v4 Service, CIS-CAT Lite

Product Version: All Assessor versions including and prior to 4.16.0; all Assessor v4 Service versions including and prior to 1.16.0

Date: Apr 5, 2022

Problem

The software contains security vulnerabilities present in embedded third-party dependencies.

Solution

Upgrade to the latest version of CIS-CAT Pro Assessor.

  1. Log in to CIS WorkBench

  2. Navigate to Downloads on the menu bar

  3. Select the Tag for 'CIS-CAT Assessor', navigate to the latest version, and download

  4. Replace installations of CIS-CAT Pro Assessor in your environment

Third-party dependencies are code libraries produced by sources outside CIS. CIS-CAT utilizes these libraries for common software activities, such as authentication and logging.

Impact

The risk to individual organizations has been assessed as low given CIS-CAT is not outward facing. We recommend our Members follow best practices and update to the latest version as soon as possible. See below for a list of the associated dependencies that have been replaced.

Third Party Dependency Details

See below for a list of the associated dependencies (Dependency column) that have been replaced. The Resolved Dependency column shows the dependency version, implemented in the latest version of CIS-CAT, that resolved the security findings.

| Product | Dependency | Resolved Dependency |
| --- | --- | --- |
| Assessor v4, Assessor v4 Service, CIS-CAT Lite | org.postgresql:postgresql is at 42.2.13 | org.postgresql:postgresql is at 42.2.25 |



Copyright © 2020

Center for Internet Security®