Category Archives: Security Notices

CVE-2023-30297 Release Note

Posted on July 27, 2023 by Matt Miller

The following vulnerability was addressed in N-central 2023.4 (released on June 22, 2023): CVE-2023-30297 could allow for the N-central agent to be vulnerable to a Man in the Middle (MITM) attack due to the certificate errors not being recognized by … Continue reading

Posted in N-central, Security Notices | Comments Off on CVE-2023-30297 Release Note

OpenSSL Critical Vulnerability

Posted on November 1, 2022 by carlagajdecki

UPDATED NOVEMBER 2: N-able is aware OpenSSL.org released two vulnerabilities (CVE-2022-3602 and CVE-2022-3786) that affect OpenSSL version 3.0.0 and later and have been addressed in OpenSSL 3.0.7. After thorough investigation, our team has determined N-able’s products are not impacted by … Continue reading

Posted in Backup (N-central), Backup (RMM), Cloud User Hub, Cove Data Protection, Cove Data Protection release notes, Cove Data Protection service updates, Mail Assure, MSP Anywhere, MSP Manager, MSP Service Desk, N-central, N-sight, Passportal, Risk Intelligence, Security Notices, Take Control | Comments Off on OpenSSL Critical Vulnerability

N-able and Spring4Shell(CVE-2022-22965)

Posted on April 4, 2022 by carlagajdecki

Update after SWI noticeUpdated April 6, 2022 N-able has been closely monitoring details as they’ve emerged around the Spring4Shell vulnerability, which has received quite a bit of attention over the last week. The N-able security team began to investigate any … Continue reading

Posted in Cove Data Protection, Mail Assure, MSP Anywhere, MSP Manager, MSP Service Desk, N-central, Passportal, Risk Intelligence, Security Notices, Take Control | Comments Off on N-able and Spring4Shell(CVE-2022-22965)

Apache Log4j Vulnerability – Updated 1:00 p.m. EST, December 22, 2021

Posted on December 20, 2021 by carlagajdecki

Updated: December 21, 2021 Risk Intelligence deployed appropriate patches as of 4 1.m. EST December 21, 2021. Original Post: As you may know, a vulnerability within the Apache Log4j tool was identified on Friday, December 10, 2021 – tracked as CVE-2021-44228. … Continue reading

Posted in Cove Data Protection, Mail Assure, MSP Anywhere, MSP Manager, MSP Service Desk, N-central, Passportal, Risk Intelligence, Security Notices, Take Control | Comments Off on Apache Log4j Vulnerability – Updated 1:00 p.m. EST, December 22, 2021

N-able Risk Intelligence: Apache Log4j Vulnerability Fix

Posted on December 15, 2021 by carlagajdecki

We have released an update to Risk Intelligence to address the recent Apache Log4j vulnerability. We have evaluated risk within Risk Intelligence and have deployed patches for any vulnerable components as of 3:00 am EST on December 15, 2021.  Please … Continue reading

Posted in Risk Intelligence, Security Notices | Comments Off on N-able Risk Intelligence: Apache Log4j Vulnerability Fix

Apache Log4j Vulnerability – Updated 12 p.m. EST, December 15, 2021

Posted on December 13, 2021 by carlagajdecki

Updated 2:30 p.m. EST, December 20, 2021 The Apache Software Foundation (ASF) has rolled out another update – version 2.17.0 – for its Java-based open-source logging library Log4j to address a third security vulnerability first discovered December 10, 2021. In response, … Continue reading

Posted in Cove Data Protection, Cove Data Protection service updates, Mail Assure, MSP Anywhere, MSP Manager, MSP Service Desk, N-central, Passportal, Risk Intelligence, Security Notices, Take Control | Comments Off on Apache Log4j Vulnerability – Updated 12 p.m. EST, December 15, 2021

Apache Log4j Vulnerability – Updated 12 p.m. EST, December 15, 2021

Posted on December 10, 2021 by carlagajdecki

Updated 2:30 p.m. EST, December 20, 2021 The Apache Software Foundation (ASF) has rolled out another update – version 2.17.0 – for its Java-based open-source logging library Log4j to address a third security vulnerability first discovered December 10, 2021. In response, … Continue reading

Posted in Cove Data Protection, Mail Assure, MSP Anywhere, N-central, Passportal, Risk Intelligence, Security Notices | Comments Off on Apache Log4j Vulnerability – Updated 12 p.m. EST, December 15, 2021

Apache Log4j Vulnerability

Posted on December 10, 2021 by carlagajdecki

Updated 2:30 p.m. EST, December 20, 2021 The Apache Software Foundation (ASF) has rolled out another update – version 2.17.0 – for its Java-based open-source logging library Log4j to address a third security vulnerability first discovered December 10, 2021. In response, … Continue reading

Posted in N-central, Risk Intelligence, Security Notices | Comments Off on Apache Log4j Vulnerability

Unquoted Service Path Vulnerability Update

Posted on March 26, 2021 by carlagajdecki

On March 25, 2021, our partner, Omega Systems, reported that an unquoted service path vulnerability existed within our Windows Ecosystem Agent services for N-able™ RMM and N-central®. This vulnerability may allow a malicious actor to execute their own malicious payloads … Continue reading

Posted in N-central, Security Notices | Comments Off on Unquoted Service Path Vulnerability Update

Final Reminder: Certificate Upgrade

Posted on March 3, 2021 by carlagajdecki

Update March 8, 2021 The digital certificate for our SolarWinds MSP products has been revoked, as of 7:00PM EST on March 8, 2021. *********************************************************************************** March 3, 2021 As we have communicated, the digital certificate for our SolarWinds MSP products will … Continue reading

Posted in Cove Data Protection, Cove Data Protection release notes, Cove Data Protection service updates, Mail Assure, MSP Anywhere, MSP Manager, MSP Service Desk, N-central, Passportal, Risk Intelligence, Security Notices, Take Control | Comments Off on Final Reminder: Certificate Upgrade