Compart - Document- and Output-Management

Important Security Alert:
CVE-2023-46604 Affecting Apache ActiveMQ

Compart Customer Information
 

Security Vulnerability in Apache ActiveMQ: Overview

  • Issue: A critical security vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, has been recently discovered.
  • Compart's Response: We initiated an immediate investigation into the impact on our products and began developing countermeasures upon discovery.

 

Which Compart Products Are Affected?

List of impacted products:

  • DocBridge® Pilot (up to version 3.9.12)
  • DocBridge® Mill Plus (up to version 2.16.0)
  • DocBridge® Auditrack (up to version 1.6.0)

 

What actions is Compart taking to mitigate the risk?

Remediation Steps

  • Hotfix: Contact our support via the myCompart customer portal
  • Patch Releases: Compart is providing patch releases for the affected products. These are available for download on the Compart customer portal myCompart.
  • Link: https://my.compart.com

 

Note on Other Compart Products

Not affected: Other Compart products, besides those mentioned above, are not affected by this vulnerability.

Recommended Immediate Actions

In general, we recommend the follow actions:

  • Network Security: Prevent public internet access to the affected DocBridge products.
  • Access Restrictions: Limit access to the network ports used by the DocBridge products and allow only verified sources.
  • IP Address Verification: Ensure that only verified IP addresses have access to the DocBridge products.
  • Restrict External Connections: Limit external server connections to essential IP addresses and domains.
  • Load Balancer Settings: Extend network restrictions to load balancer settings, if in use.

Additional Security Measures by Compart

  • Internal IT Systems: We have checked all internal systems for vulnerabilities and implemented recommended measures and available patches.
  • Ongoing Monitoring: We continue to closely monitor the situation and will promptly inform our customers of any new developments.

 

We Are Here to
Answer Your Questions