Adeptia follows established processes for security testing and ensures that there is zero critical and high vulnerability in the released product. The following table contains the summary of high and medium severity vulnerabilities of the microservice images of This page provides the testing report for security testing done on Adeptia Connect v4.1.
...
Database Migration
Shared
License
Webapp gateway
REST API Publisher
API Publisher Gateway
Migration
Listener
...
Webapp Gateway
API Publisher Gateway
Migration
...
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
...
...
...
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
...
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
...
libcurl provides the CURLOPT_CERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
...
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
...
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
...
...
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
...
...
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
...
Penetration testing
Adeptia has engaged a third-party vendor 'RedTeam Security Consulting' to perform a web security assessment and penetration testing of Adeptia Connect v4.1 and ensured zero critical and high vulnerability issues.
Following is the link to security scanning report for your reference.
Security scanning report: OWASP Security Vulnerability Scanning Report.pdf