Security Alert

Overview

mgm security partners GmbH collects useful information about current threads and new attack vectors in softwares and technologies used by the software development teams at mgm.

This information is edited and commented to be of use for mgm employees and projects in order to maximize security in daily business.

Overall Risk Classification

HIGH → Immediate action is required, business processes or customer data is in danger.

MEDIUM → No immediate action is required, but the threat has to be analyzed individually in short-term.

LOW → Action is only required if chosen to by the persons responsible. test

INFO → No risk, purely informational content.

Our vision is to aid all mgm software projects with delivering secure software. Since the development of complex software generally depends upon a specific software stack and possibly many third-party dependencies, ensuring the absence of major security bugs in these dependencies is paramount for delivering secure software.

Consequently, our monitoring focus lies on application-level technology that is relevant for building and delivering software. This includes:

  • Important frameworks for application development (Spring, Apache Struts, Shiro, …)
  • Outstanding cross-level dependencies (e.g. OpenSSL)
  • Web Application Server (Tomcat, Nginx, …)

We do not explicitly monitor

  • IT infrastructure or operating system level technology, including databases
  • Client software (Flash, Browser, …)

Archive

  • Several Spring vulnerabilities

    Pivotal has published several severe vulnerabilities related to Spring components. Your project may be affected if one of the following components is used: Spring Messaging, Spring Security, Spring Data Commons in combination with XMLBeam, Spring Security OAuth2, Spring Integration Zip or Apps Manager.