Security Update
Incident Report for Totango
Resolved
On March 30, the US Cyber Defense Agency reported a new critical backdoor vulnerability, CVE-2024-3094, in a common Linux package (the XZ-utils library).

What could be the effect?
Under certain conditions, this backdoor could allow a malicious actor to break authentication and gain access to the affected system.

What did Totango do since the announcement?
Totango scanned all our Linux instances to check whether we are vulnerable and to take the recommended actions to minimize the risk.

Current status
Following the scan and the relevant actions, all Totango systems are secured and not vulnerable.
Posted Apr 10, 2024 - 13:28 UTC
This incident affected: Totango Web Application.