Home > Support Docs >
TopBraid Enterprise Data Governance (EDG) Security
TopQuadrant Vulnerability Management and Security Policies
TopQuadrant maintains SOC 2 Type 2 Compliance
|
Open Source Software |
TopQuadrant maintains a current list of open source software used in EDG available here. TopQuadrant updates these libraries regularly to ensure the most current security patches are applied. |
|
Scans |
TopQuadrant code base is continually monitored for known vulnerabilities. Prior to releases, a complete scan is done as well. Please contact TopQuadrant support for copies of this report. |
|
Response |
All vulnerabilities are analyzed for impact and severity. If a vulnerability is found to be critical in the context of normal operation of the software, it will be remedied with a patch or new release or mitigation controls. Non-critical vulnerabilities will be remedied in the following release. |
|
Notification |
Customers will be notified through TopQuadrant support if critical vulnerabilities are found that will have an impact on the software and its use by customers. |
|
Reporting |
Customers are encouraged to contact TopQuadrant at security@topquadrant.com to report any security concerns or questions regarding TopQuadrant software. |
The following table shows the CVEs addressed with TopQuadrant’s latest release. You can find more information in the release notes and corresponding change logs.
8.0.0
|
CVE-2023-5072 CVE-2023-34054, CVE-2023-34062, CVE-2023-36414, CVE-2023-36415, CVE-2023-44487 CVE-2020-28458 CVE-2023-4785, CVE-2023-33953 |
high high high high |
7.8.0
|
CVE-2021-20087 CVE-2023-4759 CVE-2023-34609 CVE-2023-45133 CVE-2023-3635 CVE-2023-28708 CVE-2023-28709 CVE-2023-2976 CVE-2016-1000027 CVE-2023-34034 |
high medium medium low low low low low low low |
7.7.0
|
CVE-2023-30533 CVE-2018-16487 CVE-2022-1471 CVE-2023-1370 CVE-2023-22665 CVE-2022-3171 CVE-2022-3509 CVE-2022-3510 CVE-2023-28867 CVE-2023-24998 |
low low low low low high high high high high |
7.6.0
|
CVE-2022-45143,
CVE-2022-4188,
CVE-2022-41915,
CVE-2022-23494,
CVE-2022-46175,
CVE-2022-41915,
CVE-2022-41881 |
low |
7.5.0
|
CVE-2022-25857,
CVE-2022-25858,
CVE-2022-3760,
CVE-2022-29885,
CVE-2022-23181,
CVE-2020-36518 |
low |
7.4.1
|
CVE-2022-42889 |
low |
7.4.0
|
CVE-2021-37136,
CVE-2021-37137 |
low |
7.3.0
|
CVE-2022-23596 |
low |
7.2.0
|
CVE-2021-37714,
CVE-2020-26870,
CVE-2021-3749,
CVE-2020-28168,
CVE-2021-42340 |
low |
7.1.3
|
CVE-2021-44832 Log4j 2.17 |
low |
7.1.1
|
CVE-2021-45046 Log4j CVE-2021-44228 Log4j |
low critical |
7.1.0
|
CVE-2019-13990 Quartz |
low |
7.0.5
|
CVE-2021-45105 Log4j |
low |
7.0.4
|
CVE-2021-45046 Log4j CVE-2021-44228 Log4j |
low critical |
7.0.1
|
Removed debugging utility with additional abilities |
high |
7.0.0
|
CVE-2018-10237, CVE-2019-12400, CVE-2020-2773, CVE-2020-8908, CVE-2020-25649, CVE-2019-10744, CVE-2020-8203, CVE-2021-23337, CVE-2015-9251 |
low |
6.4.4
|
Removed debugging utility with additional abilities |
high |
6.4.2
|
CVE-2019-10086, CVE2013-0248, CVE-2014-0050, CVE-2016-1000031, CVE-2016-3092, and CVE-2012-0881 |
low |
6.4.1
|
CVE-2020-13822: elliptic CVE-2020-8203: lodash |
low low |
6.4.0
|
CVE-2020-7662: websocket-extensions CVE-2019-0205, CVE-2019-0210: Apache Thrift (Apache Jena) |
low low |
