Webinar: Five Key Considerations for Managing Complex Taxonomies
Register now

TopBraid Enterprise Data Governance (EDG) Security

TopQuadrant Vulnerability Management and Security Policies

TopQuadrant maintains SOC 2 Type 2 Compliance

Open Source Software
TopQuadrant maintains a current list of open source software used in EDG available here. TopQuadrant updates these libraries regularly to ensure the most current security patches are applied.
Scans
TopQuadrant code base is continually monitored for known vulnerabilities. Prior to releases, a complete scan is done as well. Please contact TopQuadrant support for copies of this report.
Response
All vulnerabilities are analyzed for impact and severity. If a vulnerability is found to be critical in the context of normal operation of the software, it will be remedied with a patch or new release or mitigation controls. Non-critical vulnerabilities will be remedied in the following release.
Notification
Customers will be notified through TopQuadrant support if critical vulnerabilities are found that will have an impact on the software and its use by customers.
Reporting
Customers are encouraged to contact TopQuadrant at security@topquadrant.com to report any security concerns or questions regarding TopQuadrant software.

The following table shows the CVEs addressed with TopQuadrant’s latest release. You can find more information in the release notes and corresponding change logs.

6.4.0
CVE-2020-7662: websocket-extensions
low
6.4.0
CVE-2019-0205, CVE-2019-0210: Apache Thrift (Apache Jena)
low
6.4.1
CVE-2020-13822: elliptic
low
6.4.1
CVE-2020-8203: lodash
low
6.4.2
CVE-2019-10086, CVE2013-0248, CVE-2014-0050, CVE-2016-1000031, CVE-2016-3092, and CVE-2012-0881
low
6.4.4
Removed debugging utility with additional abilities
high
7.0.0
CVE-2018-10237, CVE-2019-12400, CVE-2020-2773, CVE-2020-8908, CVE-2020-25649, CVE-2019-10744, CVE-2020-8203, CVE-2021-23337, CVE-2015-9251
low
7.0.1
Removed debugging utility with additional abilities
high
7.1.0
CVE-2019-13990 Quartz
low
7.0.4
CVE-2021-45046 Log4j
CVE-2021-44228 Log4j
low
critical
7.0.5
CVE-2021-45105 Log4j
low
7.1.1
CVE-2021-45046 Log4j
CVE-2021-44228 Log4j
low
critical
7.1.3
CVE-2021-44832 Log4j 2.17
low
7.2.0
CVE-2021-37714
CVE-2020-26870
CVE-2021-3749
CVE-2020-28168
CVE-2021-42340
low
7.3.0
CVE-2022-23596
low
7.4.0
CVE-2021-37136
CVE-2021-37137
low
7.4.1
CVE-2022-42889
low
7.5.0
CVE-2022-25857
CVE-2022-25858
CVE-2022-3760
CVE-2022-29885
CVE-2022-23181
CVE-2020-36518
low

Info

How Knowledge Graphs Work
Resource Hub
Events & Webinars
Customer Portal

Products

Vocabulary Management
Reference Data Management
Metadata Management
AutoClassifier & Tagger

Services

Envisioning & Assessment
Training
Professional Services
Premium Support

Company

About Us
Customers
Contact Us
Request Demo
930 Main Campus Drive #300, Raleigh, NC 27606  •  (919) 300-7945
930 Main Campus Drive #300
Raleigh, NC 27606
(919) 300-7945
© 2022 TopQuadrant Inc.
Privacy Policy
Terms & Conditions
This is some text inside of a div block.