Category Archives: Security Notices

Recommended Configuration Change to Mitigate a Potential SentinelOne EDR Attack 

Posted on May 7, 2025 by Joe Kern

We have been made aware of an attack that bypasses SentinelOne EDR through the execution of a local SentinelOne installer. We recommend following SentinelOne’s instructions to enable the “Online Authorization” setting for “Local Upgrade/Downgrade,” as doing so mitigates this attack … Continue reading

Posted in N-central, N-sight, Security Notices | Comments Off on Recommended Configuration Change to Mitigate a Potential SentinelOne EDR Attack 

N-central Critical Security Fix Details

Posted on July 2, 2024 by Matt Miller

In alignment with our commitment to transparency and trust, N-able published two CVEs for vulnerabilities within N-able N-central. CVE-2024-28200 details how the N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all … Continue reading

Posted in N-central, Security Notices | Tagged | Comments Off on N-central Critical Security Fix Details

CVE-2023-30297 Release Note

Posted on July 27, 2023 by Matt Miller

The following vulnerability was addressed in N-central 2023.4 (released on June 22, 2023): CVE-2023-30297 could allow for the N-central agent to be vulnerable to a Man in the Middle (MITM) attack due to the certificate errors not being recognized by … Continue reading

Posted in N-central, Security Notices | Comments Off on CVE-2023-30297 Release Note

N-able and Spring4Shell(CVE-2022-22965)

Posted on April 4, 2022 by carlagajdecki

Update after SWI noticeUpdated April 6, 2022 N-able has been closely monitoring details as they’ve emerged around the Spring4Shell vulnerability, which has received quite a bit of attention over the last week. The N-able security team began to investigate any … Continue reading

Posted in Cove Data Protection, Mail Assure, MSP Manager, N-central, Passportal, Risk Intelligence, Security Notices, Take Control | Comments Off on N-able and Spring4Shell(CVE-2022-22965)

Apache Log4j Vulnerability – Updated 1:00 p.m. EST, December 22, 2021

Posted on December 20, 2021 by carlagajdecki

Updated: December 21, 2021 Risk Intelligence deployed appropriate patches as of 4 1.m. EST December 21, 2021. Original Post: As you may know, a vulnerability within the Apache Log4j tool was identified on Friday, December 10, 2021 – tracked as CVE-2021-44228. … Continue reading

Posted in Cove Data Protection, Mail Assure, MSP Manager, N-central, Passportal, Risk Intelligence, Security Notices, Take Control | Comments Off on Apache Log4j Vulnerability – Updated 1:00 p.m. EST, December 22, 2021

N-able Risk Intelligence: Apache Log4j Vulnerability Fix

Posted on December 15, 2021 by carlagajdecki

We have released an update to Risk Intelligence to address the recent Apache Log4j vulnerability. We have evaluated risk within Risk Intelligence and have deployed patches for any vulnerable components as of 3:00 am EST on December 15, 2021.  Please … Continue reading

Posted in Risk Intelligence, Security Notices | Comments Off on N-able Risk Intelligence: Apache Log4j Vulnerability Fix

Apache Log4j Vulnerability – Updated 12 p.m. EST, December 15, 2021

Posted on December 13, 2021 by carlagajdecki

Updated 2:30 p.m. EST, December 20, 2021 The Apache Software Foundation (ASF) has rolled out another update – version 2.17.0 – for its Java-based open-source logging library Log4j to address a third security vulnerability first discovered December 10, 2021. In response, … Continue reading

Posted in Cove Data Protection, Cove Data Protection service updates, Mail Assure, MSP Manager, N-central, Passportal, Risk Intelligence, Security Notices, Take Control | Comments Off on Apache Log4j Vulnerability – Updated 12 p.m. EST, December 15, 2021

Apache Log4j Vulnerability – Updated 12 p.m. EST, December 15, 2021

Posted on December 10, 2021 by carlagajdecki

Updated 2:30 p.m. EST, December 20, 2021 The Apache Software Foundation (ASF) has rolled out another update – version 2.17.0 – for its Java-based open-source logging library Log4j to address a third security vulnerability first discovered December 10, 2021. In response, … Continue reading

Posted in Cove Data Protection, Mail Assure, N-central, Passportal, Risk Intelligence, Security Notices | Comments Off on Apache Log4j Vulnerability – Updated 12 p.m. EST, December 15, 2021

Apache Log4j Vulnerability

Posted on December 10, 2021 by carlagajdecki

Updated 2:30 p.m. EST, December 20, 2021 The Apache Software Foundation (ASF) has rolled out another update – version 2.17.0 – for its Java-based open-source logging library Log4j to address a third security vulnerability first discovered December 10, 2021. In response, … Continue reading

Posted in N-central, Risk Intelligence, Security Notices | Comments Off on Apache Log4j Vulnerability

Unquoted Service Path Vulnerability Update

Posted on March 26, 2021 by carlagajdecki

On March 25, 2021, our partner, Omega Systems, reported that an unquoted service path vulnerability existed within our Windows Ecosystem Agent services for N-able™ RMM and N-central®. This vulnerability may allow a malicious actor to execute their own malicious payloads … Continue reading

Posted in N-central, Security Notices | Comments Off on Unquoted Service Path Vulnerability Update