Adeptia follows established processes for security testing and ensures that there are zero critical and high vulnerabilities in the released product. This page provides the testing report for security testing done on Adeptia Connect v4.1, including a summary of the high and medium severity vulnerabilities of its microservice images.

...

Database Migration

Shared

License

Webapp gateway

REST API Publisher

API Publisher Gateway

Migration

Listener

...

Webapp Gateway

API Publisher Gateway

Migration

...

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

...

CVE-2022-1292

CVE-2022-2068

...

CVE-2022-1586

CVE-2022-1587

...

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

...

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.

...

libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.

...

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.

...

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

...

CVE-2022-22824

CVE-2022-22822

CVE-2022-22823

CVE-2022-23990

CVE-2022-25315

CVE-2022-22825

CVE-2022-22827

CVE-2022-22826

CVE-2021-46143

CVE-2022-25314

...

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

...

CVE-2022-1292

...

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

...

Penetration testing

Adeptia has engaged a third-party vendor 'RedTeam Security Consulting' to perform a web security assessment and penetration testing of Adeptia Connect v4.1 and ensured zero critical and high vulnerability issues.

The following is the link to the security scanning report for your reference.

Security scanning report: OWASP Security Vulnerability Scanning Report.pdf

The Adeptia Connect Cloud Security Assessment report is also available on demand. To get this report, contact Adeptia support.