This is the place to find all service bulletins. You know, for stuff like security, end of life, recall, upgrades, etc.
CatDV Service Notice - RMI Session Hijacking Vulnerability
CATDV SERVER: UPDATE NOW: MANDATORY SECURITY UPDATE
Summary: SBS is notifying you of a vulnerability impacting the CatDV Server software. There is a known CVE (Common Vulnerabilities & Exposures) related to this issue, which has been publicly disclosed and assigned ID number CVE-2021-26705. Under certain active session conditions, this vulnerability may be able to be exploited to allow an attacker to gain administrative level access to the CatDV Server system and it is therefore mandatory that all CatDV Server users upgrade to the latest versions to avoid any unauthorized access.
Spectre and Meltdown Vulnerability
Quantum has been made aware of multiple microarchitectural (hardware) implementation issues affecting many modern microprocessors, requiring updates to operating system software in combination with a microcode update. There are 3 known CVEs related to this issue in combination with Intel, AMD, and ARM architectures. Affected operating systems include recent versions of Linux (Red Hat, CentOS, SUSE), Microsoft Windows and Apple macOS.
Apache Struts2 REST Plug-in Vulnerability
The recent data breach announced by Equifax has raised concerns across enterprises and institutions about security vulnerabilities within widely used open source software.
GHOST glibc Vulnerability
Quantum products that have been developed using the GNU C Library (glibc) may be affected by the GHOST glibc vulnerability identified as CVE-2015-0235. The GHOST vulnerability is a serious weakness in the Linux glibc library.
GNU Bash Vulnerability 'Shellshock'
Like many other companies, Quantum has been affected by the Shellshock bug, a serious vulnerability in GNU Bourne Again Shell (Bash), the common command-line shell utility, which may allow an attacker to remotely execute arbitrary code.
Multiple Petya Ransomware Infections
ICS-CERT is aware of reports of a variant of the Petya malware that is affecting several countries. ICS-CERT is releasing this alert to enhance the awareness of critical infrastructure asset owners/operators about the Petya variant and to identify product vendors that have issued recommendations to mitigate the risk associated with this malware.
OpenSSL Heartbleed Bug Vulnerability
Like many other companies, Quantum has been affected by the Heartbleed bug, a serious vulnerability in the popular OpenSSL cryptographic software library.
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability.
Samba Heimdal Kerberos Vulnerability
Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 include an embedded Heimdal Kerberos.