Refer to this board to find the latest security advisories for CloverDX Data Integration Platform.
For inquiries please contact us at security@cloverdx.com.
CloverDX Security Advisories
| Publication Name | Publication Date | Last update date | Summary |
|---|---|---|---|
| August 2024 | 6-August-2024 | 12-August-2024 | One medium severity vulnerability. All supported CloverDX versions now have a fix available. |
| April 2023 | 18-April-2023 | 4-May-2023 | As of 2nd May, we provide fixes for all supported CloverDX versions. This advisory discloses one critical severity vulnerability that can lead to a sensitive data leak via CloverDX Server audit logs. |
| November 2022 - Text4Shell | 9-November-2022 | 15-November-2022 | As of 15th November, we provide fixes for all supported versions of CloverDX. This advisory discloses the Text4Shell vulnerability in the Apache Commons Text library (CVE-2022-42889) and provides information about its impact on CloverDX. |
| November 2022 - OpenSSL | 1-November-2022 | 2-November-2022 | CloverDX is not directly affected by these vulnerabilities. The environment around it may be affected; review the advisory for more details. This advisory provides information about two high severity vulnerabilities in OpenSSL (CVE-2022-3602 and CVE-2022-3786). |
| April 2022 - Spring4Shell | 1-April-2022 | 13-April-2022 | All supported CloverDX versions have a fix available; information about the fix is included. This advisory discloses one critical severity vulnerability in Spring Framework and provides an overview of its impact on CloverDX products. The vulnerability (CVE-2022-22965, also known as Spring4Shell) is an RCE (Remote Code Execution) vulnerability in Spring Framework. Spring Framework is used in CloverDX as one of the technologies powering CloverDX Server Console. The vulnerability allows an attacker to exploit data binding functionality in Spring to execute arbitrary code on the target system. |
| December 2021 | 13-December-2021 | 22-February-2022 | As of 22 February, CloverDX has addressed all vulnerabilities related to Log4j. Please read the details in the advisory to find out about available maintenance releases and update steps. This advisory discloses several critical, high and medium severity security vulnerabilities commonly known as "Log4Shell" and provides an overview of their impact on CloverDX products. These vulnerabilities allow attackers to exploit JNDI lookups and other Log4j features to execute arbitrary code. |
| November 2021 | 29-November-2021 | | This advisory discloses one medium severity security vulnerability in CloverDX Server. The vulnerability (CVE-2021-42776) is an XXE (XML External Entity) vulnerability in CloverDX Server Console. It allows users to read the content of local files on CloverDX Server that they might not otherwise be able to access. The vulnerability can be fixed by upgrading to a newer version of CloverDX Server as described in the Fixed product versions section of the advisory. |
| April 2021 | 12-April-2021 | | This advisory discloses two high severity security vulnerabilities in CloverDX Server. The first vulnerability (CVE-2021-29995) is an XSS vulnerability in the CloverDX Server Simple HTTP API, while the second one (CVE-2021-30133) is a CSRF vulnerability in CloverDX Server; see the advisory for more details. Both vulnerabilities affect the same versions of CloverDX Server and can be fixed by upgrading to a newer CloverDX release as detailed in the advisory. |