SaaS Products Security/Vulnerability Advisory

CLOUDBASIX Software-As-A-Service (SaaS) Products
Distributed via AWS, Microsoft Azure, Google Cloud and other channels

Security Advisory

SaaS Product Security Advisory	Release Date Generally Available (GA) Report/Discovery Date	Current Version	Reported by	Remediation Status
CloudBasix InterCloud, SQL Server Edition SQL Server HA/DR S3 Data Lakes Redshift	November 3, 2014	13.2
Apache Log4j disclosed a new RCE issue CVE-2021-44228 that affects all versions from 2.0-beta9 to 2.14.1 [1]	December 11, 2021		Amazon Web Services Internal Discovery (SCA)	A new AMI version was released shortly after the report with removed Log4j (as not used by the product; used by a MS tool). For customers with existing instances, provided recommendation to delete the file, located in C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\ log4j -1.2.17.jar
Microsoft.AspNetCore Medium risk vulnerability (based on product delivery model)	October 3, 2022		Internal Discovery (SCA)	Upgraded from Microsoft.NetCore.App 2.2.8 to 6.0.19 The NetCore version is located in the 2 sub-folders of C:\Program Files\dotnet\shared The updater Version 13.0 and later removes sub-folders of C:\Program Files\dotnet\shared labeled 2.2.8 and replaces those with 6.0.19.
One year Advanced notice regarding Windows 2012 (including R2) based instances	October 10, 2022		Microsoft	Microsoft Windows 2012 (including R2) EOL support will end on Oct-22-2023 https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2012 https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 Upgrade path : To Windows 2019 based Instance. Refer to below upgrade guidance resource, or contact Support — https://cloudbasix.com/ saas-products-security-advisory / windows-2012-to-2019-migration

SaaS Product/ Security Vulnerability Reports	Release Date Generally Available (GA) Report/Discovery Date	Current Version	Reported by	Remediation Status
CloudBasix InterCloud Snowflake, BigQuery, CloudSQL PostgreSQL	October 25, 2021	4.9		NA
Spring Framework Data Binding Rules Vulnerability ( CVE-2022-22968 )	May 5, 2022		Internal Discovery (SCA)	Upgraded to latest Spring Boot framework shortly after discovery. New image and update packages produced.

Last updated: Dec-10-2022