Security Advisories

Security-related content.

CVE-2024-0985 - Vulnerability in PostgreSQL Database
Summary & Key Actions Required: We have completed our analysis of CVE-2024-0985 which we became aware of on February 12th 2024 and currently has a base ...
Mon, 19 Feb, 2024 at 9:56 AM
XAN-5149 - Extra data disclosure issue for authenticated users
Summary & Key Actions Required: Avantra has become aware of a medium-severity data disclosure issue affecting customers running Avantra server 23 up to ...
Wed, 24 Jan, 2024 at 5:22 PM
CVE-2023-49093 - Code Injection via XSLT processor in HTMLUnit Package
Summary & Key Actions Required: We have completed our analysis of CVE-2023-49093 which we became aware of on December 5th 2023 and currently has a base ...
Fri, 15 Dec, 2023 at 7:07 AM
Avantra transports: code scanning returns high severity result "Cross-Client Access to Business Data"
Issue: You perform static code scanning on our SAP ABAP systems, and the solution finds an issue in the Avantra ABAP code, which is reported as high severit...
Wed, 2 Aug, 2023 at 8:02 AM
Avantra Hardening Guide
The Avantra hardening guide has been moved to the main product documentation at: https://docs.avantra.com/product-guide/23/avantra/...
Thu, 11 May, 2023 at 2:48 PM
CVE-2023-26119 - HtmlUnit Remote Code Execution (RCE)
Summary & Key Actions Required: At present we are continuing to analyze CVE-2023-26119 which we became aware of on 3rd April 2023 and currently has a CV...
Tue, 4 Apr, 2023 at 7:57 AM
CVE-2021-44832 - Log4j - JDBC Appender RCE
Summary & Key Actions Required: At present, there are no actions required by Avantra software users other than the mitigations required for previous Log...
Fri, 31 Mar, 2023 at 12:01 PM
CVE-2022-23221 - H2 - Remote Code Execution
Summary & Key Actions Required: At present we are continuing to analyze CVE-2022-23221 which we became aware of on 21st January 2022 and currently has a...
Fri, 31 Mar, 2023 at 11:58 AM
CVE-2022-31692 - Spring Security - Authentication Bypass
Summary & Key Actions Required: Following our investigations, we have concluded that this component is NOT exploitable in its current configuration with...
Fri, 31 Mar, 2023 at 11:54 AM
CVE-2022-42889 - Apache Commons Text - Code Injection
Summary & Key Actions Required: Following our investigations, we have concluded that this component is NOT exploitable in its current configuration w...
Fri, 31 Mar, 2023 at 11:50 AM