Submitted URL: https://security.paradine.at/
Effective URL: https://security.paradine.at/advisories/
Security Advisories


SECURITY ADVISORIES & CUMULATIVE SECURITY PATCH RELEASE


OVERVIEW

Security advisories are released when critical vulnerabilities are found in
Paradine’s software products.

Vulnerabilities are rated according to the Common Vulnerability Scoring System
(CVSS) which captures the principal technical characteristics of software,
hardware and firmware vulnerabilities. Its outputs include numerical scores
indicating the severity of a vulnerability relative to other vulnerabilities.

When a critical security vulnerability is detected in our software products, we
publish a security advisory on this page describing the issue and the possible
mitigations.

Each quarter we provide a Cumulative Security Release for releases under active
maintenance.


IMPACT TO CUSTOMER INSTALLATIONS

In our managed service or cloud products, the identified critical
vulnerabilities are patched by Paradine as soon as possible after detection.

For on-premise installations or customer maintained cloud installations, we are
disclosing critical vulnerabilities on this page, so that appropriate patching
measures can be taken by our customers.


VULNERABILITY FIXING POLICY

Critical Security Vulnerabilities

When a Critical Security Vulnerability (CVSS v3.1 base score 9.0-10.0) is
discovered by internal checks or reported by a third party, we will:

 * Submit a security bulletin describing the issue and mitigation possibilities,
   usually in parallel with the release of a patch release, if one is issued.

 * If an acceptable mitigation is possible, the vulnerability's severity level
   will be changed to High and the issue will be treated as a non-critical
   vulnerability.

 * If no acceptable mitigation is possible, we will issue a new patch release
   for the latest software release, fixing the issue in the affected product(s)
   as soon as possible.

 * At a customer's request, we will also prepare a new patch release for a
   previous software release, or for components of that previous release, if
   the release in question is still under a valid maintenance contract.

In some cases, we may use additional information unrelated to CVSS score, e.g.
knowledge about use of impacted components, to modify the severity level of a
vulnerability.

Non-critical vulnerabilities (High, Medium, Low)

 * When a security issue of High, Medium or Low severity is discovered, we will
   fix it within the service level objectives for issues of problem class 3;
   such issues are fixed together with the next minor or major release,
   whichever comes first.




WHAT IS A FALSE POSITIVE VULNERABILITY ASSESSMENT?

 * An alert that incorrectly indicates that a vulnerability is present. Source:
   NIST SP 800-115.

 * False positive vulnerabilities are documented but cannot be fixed, since no
   actual vulnerability is present.




LIST OF SECURITY ADVISORIES & CUMULATIVE SECURITY PATCH RELEASE

Each entry lists: Issue ID, Summary, Published Date, Severity, Affected
Products, CVE.

Issue ID: BASE-1003
Summary: BASE-1003: API Vulnerability Bug log4j in pentaho third party library -
  Critical
Published Date: 5.5.2021
Severity: Critical
Affected Products: eptos base module / base-module-etl-export
CVE: CVE-2019-17571, CVE-2020-9493, CVE-2022-23305, GHSA-2qrg-x229-3v8q,
  GHSA-65fg-84f6-3jq3, GHSA-f7vh-qwp3-x37m

Issue ID: BASE-1045
Summary: BASE-1045: Critical CVE-2016-3088 activemq-protobuf 1.1 - False Positive
Published Date: 18.6.2021
Severity: Critical
Affected Products: eptos Base Module (All Components); eptos Email Collector
CVE: CVE-2010-0684, CVE-2010-1244, CVE-2011-4905, CVE-2012-5784, CVE-2012-6092,
  CVE-2012-6551, CVE-2013-1879, CVE-2013-1880, CVE-2013-3060, CVE-2014-3576,
  CVE-2015-7559, CVE-2016-3088, CVE-2018-11775, CVE-2020-13920, CVE-2020-13947

Issue ID: BASE-1340
Summary: BASE-1340: Critical Vulnerability CVE-2016-1906 hazelcast-kubernetes -
  Critical - False Positive
Published Date: 15.10.2021
Severity: Critical (False Positive)
Affected Products: eptos Base Module (All Components); eptos Email Collector
CVE: CVE-2015-7561, CVE-2016-1905, CVE-2016-1906, CVE-2016-7075

Issue ID: BASE-1388
Summary: BASE-1388: Apache Log4j2 not protected against attacker controlled LDAP
  and other JNDI related endpoints
Published Date: 9.12.2021; 17.12.2021 (updated)
Severity: Critical
Affected Products: eptos modules - all releases 5.3 - 6.1; eptos Search Engine
  2.0 - 2.1
CVE: CVE-2021-44228, CVE-2021-45046

Issue ID: BASE-1396
Summary: BASE-1396: Apache Log4j2 <=2.17 did not protect from uncontrolled
  recursion from self-referential lookups. CVE-2021-45105
Published Date: 21.12.2021; 22.12.2021 (updated)
Severity: Critical
Affected Products: eptos modules - 6.1; eptos Search Engine 2.0 - 2.1 (only if
  logging of APIs has been turned on; default off)
CVE: CVE-2021-45105

Issue ID: BASE-1501
Summary: BASE-1501: Frontend Vulnerability Bug CVE-2022-1586, CVE-2022-1587 -
  Critical
Published Date: 21.06.2022
Severity: Critical
Affected Products: eptos Base Module (All Components); eptos Email Collector;
  eptos Search Engine
CVE: CVE-2022-1586, CVE-2022-1587

Issue ID: BASE-1551
Summary: BASE-1551: Pinpoint Agent 1.x Vulnerabilities
Published Date: 01.09.2022
Severity: Critical
Affected Products: eptos Base Module (All Components); eptos Business Party
  Manager; eptos Dictionary Transformation Manager; eptos Document Manager;
  eptos Terminology Manager; eptos Unit and Quantity Manager; eptos Template
  Manager; eptos Publication Manager; eptos Item Manager; eptos Dictionary
  Manager; eptos Email Collector; eptos Search Engine; eptos Search Engine 2.1
CVE: CVE-2018-10237, CVE-2018-11798, CVE-2018-1320, CVE-2019-0205,
  CVE-2019-0210, CVE-2019-16869, CVE-2019-17571, CVE-2019-20444,
  CVE-2019-20445, CVE-2020-13949, CVE-2020-8908, CVE-2020-9493,
  CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-37136,
  CVE-2021-37137, CVE-2021-43797, CVE-2022-23302, CVE-2022-23305,
  CVE-2022-23307, CVE-2022-24823, GHSA-2qrg-x229-3v8q, GHSA-5mg8-w23w-74h3,
  GHSA-65fg-84f6-3jq3, GHSA-fp5r-v3w9-4333, GHSA-g2fg-mr77-6vrm,
  GHSA-mvr2-9pj6-7w5j, GHSA-rj7p-rfgp-852x, GHSA-vx85-mj8c-4qm6,
  GHSA-w9p3-5cr8-m3jj, GHSA-wjxj-f8rg-99wx

Issue ID: BASE-1907
Summary: BASE-1907: Cumulative Security Patch for eptos Release 6.1.x - 2023-11
Affected Products: eptos 6.1 (All Components)
CVE: see bulletin

Issue ID: BASE-1910
Summary: BASE-1910: Cumulative Security Patch for eptos Release 6.2.x - 2023-11
Affected Products: eptos 6.2 (All Components)
CVE: see bulletin

Issue ID: BASE-1911
Summary: BASE-1911: Critical CVE-2023-46604 activemq-protobuf 1.1 - False Positive
Published Date: 17.11.2023
Severity: Critical (False Positive)
Affected Products: eptos 6.x (All Components)
CVE: CVE-2023-46604

Issue ID: BASE-1913
Summary: BASE-1913: Cumulative Security Patch for eptos Release 6.3.x - 2023-11
Affected Products: eptos 6.3 (All Components)

FURTHER READING

 * CVSS Specification Document

 * Copyright © 2023
 * • Powered by Scroll Viewport & Atlassian Confluence