JCloud security update, January 2021 / Q4 2020
Multiple critical security vulnerabilibites in software from different vendors have been published last quarter. Some of them are or could be closely related to JCloud services. Security information about these products are therefor published in this article.
JCloud do NOT use the following products, neither in infrastructure nor by its employees, and is therefore NOT vulnerable to any published security vulnerabilities in:
- Solarwinds products
- Solutions using Sudo (aka Baron Samedi, CVE-2021-3156)
- Oracle products
- Microsoft products
- Juniper products
- Solutions using dnsmasq (dnspooq)
- Cisco security manager (CVE-2020-27125 CVE-2020-27130 CVE-2020-27131)
- Ubiquity cloud manager
JCloud may occasionally use the following products by its employees, but no security incidents have been reported:
- Apple IOS14 (CVE-2021-1782 CVE-2021-1871 CVE-2021-1870)
All related and known security vulnerabilities have been corrected with software updates no later than January 27th
JCERT, 2021-01-27