CompanyDOTNETZIP Notification

DOTNETZIP Notification

Published: December 16, 2024
Version: 1.0

Executive Summary

AvePoint is releasing this security advisory to inform customers that we have identified a vulnerability in one of the 3rd party components used in our products listed below. The issue can be addressed with the hotfix provided in this article.

Advisory Details

AvePoint has identified a vulnerability in one of 3^rd party components used in the products listed below (CVE-2024-48510). The applied CVSS 4.0 risk score for this vulnerability is (7.7/High).

Hotfixes are available for the products affected. Customers are highly recommended to contact AvePoint Support and update the software as soon as possible.

Product	Download Link
Compliance Guardian	https://www.avepoint.net/updates/2024-12-12/ComplianceGuardian_Hotfix_4.7.1.54267601_20241211.zip
FLY Server	https://www.avepoint.net/updates/2024-12-13/FLY_Hotfix_4.13.0.4362_20241213.zip
Perimeter	https://www.avepoint.net/updates/2024-12-13/AvePointPerimeter_Hotfix_1.12.3.5652501_20241211.zip
Office Connect	https://www.avepoint.net/updates/2024-12-06/AvePoint_Office_Connect_Hotfix_1.98.0001.zip

Suggested Actions

Mitigation Steps - Please Install the released hotfixes

AvePoint implements best-in-class techniques for identifying, protecting, and detecting cybersecurity threats.

The information security and data privacy of our customers is AvePoint’s highest priority. If you have any questions about this and/or you are contacted by anyone else about this issue, please contact our security team immediately at security@avepoint.com.

For your additional information please find AvePoint’s reporting policy and response plan:
https://www.avepoint.com/company/vulnerability-reporting-policy/

DOTNETZIP Notification