Adeptia follows established processes for security testing and ensures that the released product contains zero critical- and high-severity vulnerabilities. This page provides the report for the security testing done on Adeptia Connect v3.5.

Penetration testing

Adeptia engaged a third-party vendor, RedTeam Security Consulting, to perform a web security assessment and penetration test of Adeptia Connect v3.3, and confirmed that no critical- or high-severity issues remain. The table below contains the links to the security scanning reports and a summary of each, for your reference.

Security scanning report | Summary of the report

We also perform OWASP security vulnerability testing internally for each release. Click the link below to see the security report for Adeptia Connect v3.5:

OWASP Security Vulnerability Scanning Report ACE v3.5

Third party dependency scanning

Adeptia undertakes a detailed scan of third-party dependencies to ensure that there are no high- or critical-severity vulnerabilities in the third-party components bundled with Adeptia Connect. This assessment is a deep automated scan using the scanning tool WhiteSource to discover known security vulnerabilities.

Click the link below to see the third-party dependency scanning report.

Third party dependency scanning report

The table below summarizes the high- and medium-severity vulnerabilities found in the microservice images.

Image Name | Severity | Vulnerability ID | Description | Published | Modified | Status
autoscaler, databasemigration, event, portal, runtime, Webrunner | High | CVE-2016-4074 | The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. | 2016-04-04 | 2016-04-04 | To be planned in the GA release
(same images as above) | Medium | CVE-2021-36159 | libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late. | 2021-07-05 | 2021-07-05 | To be planned in the GA release
rabbitmq | Medium | CVE-2021-36222 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. | 2021-07-22 | 2021-07-22 | To be planned in the GA release
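As an added illustration (not part of Adeptia's report or tooling), the script below applies the zero-critical-and-high release policy stated at the top of this page to the image findings in the table above. It assumes the image cell listing autoscaler through Webrunner is a merged cell shared by the CVE-2016-4074 and CVE-2021-36159 rows, and the row data are transcribed from the table; the severity ranking and the function names are the example's own.

```python
from dataclasses import dataclass

# Severity order used for the gate; only the names in the table plus "Critical"
# (from the policy statement) are known here. This ranking is an assumption.
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}


@dataclass(frozen=True)
class Finding:
    image: str
    severity: str
    cve: str
    status: str


# Rows transcribed from the table above. An empty image cell means the row
# shares the merged image cell of the previous row (assumed layout).
REPORT_ROWS = [
    ("autoscaler, databasemigration, event, portal, runtime, Webrunner",
     "High", "CVE-2016-4074", "To be planned in the GA release"),
    ("", "Medium", "CVE-2021-36159", "To be planned in the GA release"),
    ("rabbitmq", "Medium", "CVE-2021-36222", "To be planned in the GA release"),
]


def expand_rows(rows):
    """Expand merged image cells into one Finding per (image, CVE) pair."""
    findings, images = [], []
    for image_cell, severity, cve, status in rows:
        if image_cell.strip():
            images = [name.strip() for name in image_cell.split(",")]
        elif not images:
            raise ValueError(f"row for {cve} has no image and no preceding image cell")
        for image in images:
            findings.append(Finding(image, severity, cve, status))
    return findings


def release_gate(findings, min_blocking="High"):
    """Return (passes, blocking): blocking lists findings at or above min_blocking."""
    threshold = SEVERITY_RANK[min_blocking]
    blocking = sorted(
        (f for f in findings if SEVERITY_RANK.get(f.severity, 0) >= threshold),
        key=lambda f: (f.image, f.cve),
    )
    return (not blocking, blocking)


def gate_summary(rows=REPORT_ROWS, min_blocking="High"):
    """Summarize which images and CVEs would hold up a release under the policy."""
    passes, blocking = release_gate(expand_rows(rows), min_blocking)
    return {
        "passes": passes,
        "blocking_images": sorted({f.image for f in blocking}),
        "blocking_cves": sorted({f.cve for f in blocking}),
    }
```

With the table as published, the High finding CVE-2016-4074 holds the gate closed for the six shared images until its planned GA fix lands, while the Medium findings only block if the threshold is lowered to "Medium".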