This article reviews Extensiv's latest security initiatives and detected vulnerabilities.

SOC 2 Type 2 report

Extensiv has issued its SOC 2 Type 2 report, which we completed to demonstrate that our security program is meeting our commitments to you our customers. This report, along with other information about our security and compliance posture, can be found at Extensiv's Trust Center.
 

Recent vulnerabilities

Statement from December 15, 2021:

Extensiv is aware of the recently disclosed security issue relating to the open-source Apache "Log4j2" utility (CVE-2021-44228), more commonly known as the "Log4Shell" attack.

The vulnerability across Extensiv product lines was minimal, as no core code made use of the compromised Java library. However, there were some ancillary tools and services that did make use of the library. Those systems have been patched and audited, and we have concluded that there was no known breach of security or information at this time. We will continue to be vigilant and monitor the system.

Additional service-specific information is provided below. If you'd like more details or need technical assistance, please contact Technical Support.
 

3PL Warehouse Manager

• Cache layers were not affected
   
• Databases were not affected
   
• File system patched – December 11, 2021*
   
• Compute layers patched – December 13, 2021*
   
• Application VMs patched – December 13, 2021
   

Integration Manager

• No services were affected
   

CIO Technologies

• CIO Direct was not affected
   
• CIO Remote was not affected
   

Order Manager

• Application / Compute layers were not affected
   
• File system patched – December 11, 2021*
   
• Cache patched – December 12, 2021*
   
• Messaging systems patched – December 13, 2021*
   
• Log layer patched – December 14, 2021*
   

Warehouse Manager

• No services were affected

* An asterisk indicates that the technology used was part of a managed cloud service. Extensiv leverages cloud technologies to improve its security profile, extend its availability, and magnify its service offerings. More information about patches on the managed cloud services can be found here.