Security Advisories

Security-related content.

CVE-2023-20860 - Spring potential security bypass
Summary & Key Actions Required At present we are continuing to analyze CVE-2023-20860 which currently has a CVSS score of 9.1 and impacts the software ...
Tue, 28 Mar, 2023 at 9:29 AM
CVE-2022-22963 & CVE-2022-22965 - Spring RCE
Summary & Key Actions Required This CVE does not impact Avantra installations. Related security articles: Avantra Hardening Guide CVE-20...
Wed, 6 Apr, 2022 at 6:57 PM
CVE-2021-44228 - Log4j - JNDI message lookup
Summary & Key Actions Required Avantra Server (master) Upgrade your server (master) to either: 21.11.2+ 20.11.11+ [manual mitigation] If you...
Thu, 6 Jan, 2022 at 12:50 PM
CVE-2021-45105 - Log4j - Denial of service via infinite recursion
Summary & Key Actions Required We are continuing to monitor advice from the maintainers around CVE-2021-45105 which currently has a CVSS score of 7.5 –...
Thu, 6 Jan, 2022 at 12:46 PM
CVE-2021-45046 - Log4j - Thread Context Message/Lookup
Summary & Key Actions Required We are continuing to monitor advice from the maintainers around CVE-2021-45046 which currently has a CVSS score of 9.0...
Thu, 6 Jan, 2022 at 12:46 PM
CVE-2021-44228 - 20.5 and 20.2 Recommendations
Please see our main article on CVE-2021-44228 for a full overview. Actions required for 20.5, 20.2, and below Customers running any version of 20.5 ...
Mon, 20 Dec, 2021 at 9:12 AM
CVE-2021-44228 - 20.11.x Recommendations
Please see our main article on CVE-2021-44228 for a full overview. Actions required for 20.11.X Customers running any version of 20.11 Avantra are i...
Mon, 20 Dec, 2021 at 9:09 AM
CVE-2021-44228 - 21.11.x Recommendations
Please see our main article on CVE-2021-44228 for a full overview. Actions required for 21.11 Customers running any version of 21.11 Avantra are im...
Mon, 20 Dec, 2021 at 9:06 AM
CVE-2021-44228 - Custom Check - verify Avantra has been hardened
This custom check sample for Linux is designed to analyze your Avantra master server to ensure that the hardening configuration against CVE-2021-44228 has ...
Tue, 14 Dec, 2021 at 7:59 PM
CVE-2021-44228 - Sample code - agent configuration changes - Linux
Should customers be unable to trigger an update of their Avantra agent 20.11.X to 20.11.701 or 20.11.10, then there is a configuration change required in th...
Mon, 13 Dec, 2021 at 3:48 PM