Compliance Guardian Patch Notification
Published: December 17, 2021
AvePoint is releasing this security advisory to inform customers that we have identified a medium vulnerability in our Compliance Guardian solution. The issue can be addressed with an upgrade to version 4.6.1.
AvePoint has identified a vulnerability within the optional Elasticsearch component of Compliance Guardian versions prior to 4.6.1. No remote code execution is possible.
Customers using File Analysis refer to Option 1. Customers not using File Analysis, refer to Option 2.
Option 1: For customers using File Analysis functionality.
We recommend your team upgrade to Compliance Guardian version 4.6.1. Versions 4.6.1 and later do not use Elasticsearch.
Customer Responsibilities: Contact AvePoint Support to arrange for your upgrade package. Customers should apply the upgrade package as soon as possible.
Support Contact Options: Please visit Support for contact options.
Option 2: For customers not using the File Analysis functionality.
Customers may remain on the current Compliance Guardian version by removing the Elasticsearch component, AvePoint Indexing Service.
The information security and data privacy of our customers is AvePoint’s highest priority. If you have any questions about this and/or you are contacted by anyone else about this issue, please contact our security team immediately at firstname.lastname@example.org.
For your additional information please find AvePoint’s reporting policy and response plan: