Compliance Guardian Patch Notification
Published: December 17, 2021
Version: 1.0
Executive Summary
AvePoint is releasing this security advisory to inform customers that we have identified a medium-severity vulnerability in our Compliance Guardian solution. The issue can be addressed by upgrading to version 4.6.1.
Advisory Details
AvePoint has identified a vulnerability within the optional Elasticsearch component of Compliance Guardian versions prior to 4.6.1. No remote code execution is possible.
Suggested Actions
Mitigation Steps
Customers using File Analysis should refer to Option 1. Customers not using File Analysis should refer to Option 2.
Option 1: For customers using File Analysis functionality.
We recommend your team upgrade to Compliance Guardian version 4.6.1. Versions 4.6.1 and later do not use Elasticsearch.
Customer Responsibilities: Contact AvePoint Support to arrange for your upgrade package. Customers should apply the upgrade package as soon as possible.
Support Contact Options: Please visit Support for contact options.
Option 2: For customers not using the File Analysis functionality.
Customers may remain on the current Compliance Guardian version by removing the Elasticsearch component, AvePoint Indexing Service.
Customer Responsibilities: Follow the necessary steps to Uninstall AvePoint Indexing Service. Contact Support if you require additional assistance.
The information security and data privacy of our customers is AvePoint’s highest priority. If you have any questions about this and/or you are contacted by anyone else about this issue, please contact our security team immediately at security@avepoint.com.
For additional information, please see AvePoint’s reporting policy and response plan:
https://www.avepoint.com/company/vulnerability-reporting-policy/