Trust Center

Recently, the security team here at Automox became aware of the news surrounding a high impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.

We want our customers to know that Automox is not impacted by this vulnerability.

We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.

After careful review of our infrastructure and SBOM, the Automox team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.

On Sept 29th, News broke of a new ProxyLogon 0-day RCE being used to target Microsoft Exchange Servers. Automox is not affected at this time. Automox does not currently use any Microsoft Exchange products in the delivery of our products or services.

On June 2, 2022, Atlassian published a security advisory for CVE-2022-26134, a critical unauthenticated, remote code execution vulnerability in the products Confluence Server and Confluence Data Center. The vulnerability is unpatched as of June 2 and is being exploited in the wild. Automox is not affected by this CVE.

News broke recently surrounding two open source packages that were hijacked. Python's ctx library and PHP's phpass. Automox does not utilize these packages anywhere in our product or services.

CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to the active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.

Automox does not currently use any of these VMware products in the delivery of our products or services.