Scheduled maintenance for Upgrading NetScaler ADCs - with disruptions
Scheduled Maintenance Report for Visma Cloud Services
Completed
The scheduled maintenance has been completed.
Posted Jul 22, 2024 - 20:00 CEST
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Jul 22, 2024 - 18:00 CEST
Scheduled
Today, 22nd of July 2024, the Datacenter Network Team will continue upgrading the NetScaler ADCs from 18:00 CET until 20:00 CET. We expect disruptions during this time.

Change Details:
Two vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).

To avoid an incident, we need to upgrade the NetScaler ADCs to the latest released version as soon as possible.

We expect service disruptions. In the worst-case scenario, downtime may also occur.

CVE ID: CVE-2024-5491
Description: Denial of Service
Pre-requisites: ADC or Gateway appliance configured with SNMP (NSIP/SNIP)
CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS: CVSS v4.0 Base Score: 7.1

CVE ID: CVE-2024-5492
Description: Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites
Pre-requisites: Requires targeted user to access an attacker-controlled URL while being on a network with access to NSIP
CWE: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVSS: CVSS v4.0 Base Score: 5.1

You can read more about it here:
https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492

Date: 22nd of July 2024
Timeline: The change window will be between 18:00 CET and 20:00 CET.
Downtime: We expect service disruptions. In the worst-case scenario, downtime may also occur.

Assets Involved:

- ADC4: Toyota, Talent, ProvisioningGateway, Mercell, Swedish Donor Registry, Proceedo, SWN, Flyt, Visma Software OY, VUQ-KOM, Visma Software AS, Visma Enterprise AS, Visma eAccounting AS, Visma Advantage AB, Visma Advantage AS, Tripletex AS, SWCOM Platform, Visma Financial Solutions AB, Visma Software AB, Visma Financial Solutions AS, Visma Software Labs AS, Visma SPCS AB, Visma Enterprise AB, Payroll Fi, Visma PubliTech, Integration_Platform, Visma Software AS, Visma Soft Int AS Help Visma Net, Visma Soft Int AS ux.visma.com, Visma Soft Int AS alteryx.visma.com, Visma Financial Sol AS vc-ftpadmin, VCDM Tools

- ADCVXO6 (Citrix gateway aspse.visma.com)


Contact
If you have any questions or concerns, please contact our IT Service Desk:

Email: it-servicedesk@visma.com (during office hours)
Phone: +47 21 60 78 42 (when the matter is urgent, inside or outside office hours)
Service Owner: Kastytis Valadkevičius
Posted Jul 22, 2024 - 12:09 CEST