SaaS Products Security/Vulnerability Advisory

 CLOUDBASIX Software-As-A-Service (SaaS) Products
Distributed via AWS, Microsoft Azure, Google Cloud and other channels

Security Advisory

SaaS  Product
Security Advisory
 Release Date
Generally Available (GA)Report/Discovery Date		 Current Version Reported by Remediation Status
CloudBasix InterCloud, SQL Server Edition

  • SQL Server
  • HA/DR S3 Data Lakes
  • Redshift

November 3, 2014

 13.2

Apache Log4j disclosed a new RCE issue CVE-2021-44228 that affects all versions from 2.0-beta9 to 2.14.1 [1]

December 11, 2021 Amazon Web Services

Internal Discovery (SCA)

 A new AMI version was released shortly after the report with removed Log4j (as not used by the product; used by a MS tool).

For customers with existing instances, provided recommendation to delete the file, located in C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar

Microsoft.AspNetCore Medium risk vulnerability (based on product delivery model)

 October 3, 2022 Internal Discovery (SCA) Upgraded from Microsoft.NetCore.App 2.2.8 to 6.0.19
The NetCore version is located in the 2 sub-folders of C:\Program Files\dotnet\shared

The updater Version 13.0 and later removes sub-folders of C:\Program Files\dotnet\shared labeled 2.2.8 and replaces those with 6.0.19.

One year Advanced notice
regarding Windows 2012 (including R2) based instances

 October 10, 2022 Microsoft Microsoft Windows 2012 (including R2) EOL support will end on  Oct-22-2023
https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2012
https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Upgrade path:
To Windows 2019 based  Instance. Refer to below upgrade guidance resource, or contact Support

https://cloudbasic.net/saas-products-security-advisory/windows-2012-to-2019-migration

 

SaaS  Product/
Security Vulnerability Reports		 Release Date
Generally Available (GA)Report/Discovery Date		 Current Version Reported by Remediation Status
CloudBasix InterCloud

Snowflake,
BigQuery,
CloudSQL
PostgreSQL

October 25, 2021

 4.9 NA

Spring Framework Data Binding Rules Vulnerability (CVE-2022-22968)

 May 5, 2022 Internal Discovery (SCA) Upgraded to latest Spring Boot framework shortly after discovery.

New image and update packages produced.

Last updated: Dec-10-2022