Compliance Guardian Notice 12172021

Compliance Guardian Patch Notification

Published: December 17, 2021

Version: 1.0

Executive Summary

AvePoint is releasing this security advisory to inform customers that we have identified a medium vulnerability in our Compliance Guardian solution. The issue can be addressed with an upgrade to version 4.6.1.

Advisory Details

AvePoint has identified a vulnerability within the optional Elasticsearch component of Compliance Guardian versions prior to 4.6.1. No remote code execution is possible.

Suggested Actions

Mitigation Steps

Customers using File Analysis refer to Option 1. Customers not using File Analysis, refer to Option 2.

Option 1: For customers using File Analysis functionality.

We recommend your team upgrade to Compliance Guardian version 4.6.1. Versions 4.6.1 and later do not use Elasticsearch.

Customer Responsibilities: Contact AvePoint Support to arrange for your upgrade package. Customers should apply the upgrade package as soon as possible.

Support Contact Options: Please visit Support for contact options.

Option 2: For customers not using the File Analysis functionality.

Customers may remain on the current Compliance Guardian version by removing the Elasticsearch component, AvePoint Indexing Service.

Customer Responsibilities: Follow the necessary steps to Uninstall AvePoint Indexing Service. Contact Support if you require additional assistance.

The information security and data privacy of our customers is AvePoint’s highest priority. If you have any questions about this and/or you are contacted by anyone else about this issue, please contact our security team immediately at security@avepoint.com.

For your additional information please find AvePoint’s reporting policy and response plan:
https://www.avepoint.com/company/vulnerability-reporting-policy/