Automox Security and Trust
Welcome to Automox's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.
Our Automox Security Team embodies over three decades of operational expertise in designing and safeguarding large-scale, multi-tenant cloud and internet applications. In line with our dedication to fostering transparency and security, we mandate that all team members undergo stringent background checks before employment. This proactive approach ensures that our team operates in an environment that is both secure and transparent, reinforcing our commitment to creating a safer world.
Compliance


Documents
Risk Profile
Product Security
Reports
Self-Assessments
Data Security
App Security
Legal
Access Control
Infrastructure
Endpoint Security
Network Security
Corporate Security
Policies
Security Grades
Trust Center Updates
Recently, the security team here at Automox became aware of the news surrounding a high impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.
We want our customers to know that Automox is not impacted by this vulnerability.
We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.
After careful review of our infrastructure and SBOM, the Automox team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.
On Sept 29th, News broke of a new ProxyLogon 0-day RCE being used to target Microsoft Exchange Servers. Automox is not affected at this time. Automox does not currently use any Microsoft Exchange products in the delivery of our products or services.
On June 2, 2022, Atlassian published a security advisory for CVE-2022-26134, a critical unauthenticated, remote code execution vulnerability in the products Confluence Server and Confluence Data Center. The vulnerability is unpatched as of June 2 and is being exploited in the wild. Automox is not affected by this CVE.
News broke recently surrounding two open source packages that were hijacked. Python's ctx library and PHP's phpass. Automox does not utilize these packages anywhere in our product or services.
CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to the active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.
Automox does not currently use any of these VMware products in the delivery of our products or services.
If you think you may have discovered a vulnerability, please send us a note.