Qualys Cloud Agent for Linux on zSystem Release 3.31.1

Limited Customer Release

January 16, 2025

There are no new features and enhancements for this release of Cloud Agent Linux on zSystems.

Behavior Changes

There are no behavior changes in this release.

Platform Coverage Support

No new platform coverage added in this release.

Issues Addressed

The following important and notable issues are fixed in this release:

Component/Category	Description
Untrusted Search Path Vulnerability	The shell scripts packaged with the Cloud Agent installer execute multiple system utilities without an absolute path or resetting a path to a safe value. This allows a malicious actor to place harmful files on your assets when the shell scripts are executed with elevated privileges. We have updated this behavior by setting up the fixed paths for shell script execution. This enhancement prevents the infiltration of malicious files on your assets and prevents you from any potential security threats. The updated shell script behavior also helps in mitigating the Untrusted Search Path Vulnerability (CWE-426).

Component/Category

Description

Untrusted Search Path Vulnerability

The shell scripts packaged with the Cloud Agent installer execute multiple system utilities without an absolute path or resetting a path to a safe value. This allows a malicious actor to place harmful files on your assets when the shell scripts are executed with elevated privileges.

We have updated this behavior by setting up the fixed paths for shell script execution. This enhancement prevents the infiltration of malicious files on your assets and prevents you from any potential security threats. The updated shell script behavior also helps in mitigating the Untrusted Search Path Vulnerability (CWE-426).

Known Issues, Limitations, and Workarounds

There are no known issues or limitations in this release.

Last updated: February, 2026