Home  >  Support Docs >

TopBraid Enterprise Data Governance (EDG) Security

TopQuadrant Vulnerability Management and Security Policies

TopQuadrant maintains SOC 2 Type 2 Compliance

Open Source Software
TopQuadrant maintains a current list of open source software used in EDG available here. TopQuadrant updates these libraries regularly to ensure the most current security patches are applied.
Scans
TopQuadrant code base is continually monitored for known vulnerabilities. Prior to releases, a complete scan is done as well. Please contact TopQuadrant support for copies of this report.
Response
All vulnerabilities are analyzed for impact and severity. If a vulnerability is found to be critical in the context of normal operation of the software, it will be remedied with a patch or new release or mitigation controls. Non-critical vulnerabilities will be remedied in the following release.
Notification
Customers will be notified through TopQuadrant support if critical vulnerabilities are found that will have an impact on the software and its use by customers.
Reporting
Customers are encouraged to contact TopQuadrant at security@topquadrant.com to report any security concerns or questions regarding TopQuadrant software.

The following table shows the CVEs addressed with TopQuadrant’s latest release. You can find more information in the release notes and corresponding change logs.

8.2.0
CVE-2024-38821
CVE-2024-40094
CVE-2024-21147, CVE-2024-20932, CVE-2024-20952, CVE-2024-20918, CVE-2023-21930
CVE-2024-34750
CVE-2024-7254
CVE-2024-25710
CVE-2024-45801
CVE-2024-38809
critical
high
high
high
high
high
high
medium
CVE-2024-21147
CVE-2024-34750
high
high
CVE-2024-34447, CVE-2024-29857
CVE-2023-52428
CVE-2023-33953,CVE-2023-44487, CVE-2023-4785
high
high
high
CVE-2024-21147
CVE-2024-34750
high
high
CVE-2023-44981
CVE-2024-45745
critical
medium
CVE-2023-5072
CVE-2023-34054, CVE-2023-34062, CVE-2023-36414, CVE-2023-36415, CVE-2023-44487
CVE-2020-28458
CVE-2023-4785, CVE-2023-33953
high
high
high
high
CVE-2024-21147
high
CVE-2021-20087
CVE-2023-4759
CVE-2023-34609
CVE-2023-45133
CVE-2023-3635
CVE-2023-28708
CVE-2023-28709
CVE-2023-2976
CVE-2016-1000027
CVE-2023-34034
high
medium
medium
low
low
low
low
low
low
low
CVE-2023-30533
CVE-2018-16487
CVE-2022-1471
CVE-2023-1370
CVE-2023-22665
CVE-2022-3171
CVE-2022-3509
CVE-2022-3510
CVE-2023-28867
CVE-2023-24998
low
low
low
low
low
high
high
high
high
high
CVE-2022-45143, CVE-2022-4188, CVE-2022-41915, CVE-2022-23494, CVE-2022-46175, CVE-2022-41915, CVE-2022-41881
low
CVE-2022-25857, CVE-2022-25858, CVE-2022-3760, CVE-2022-29885, CVE-2022-23181, CVE-2020-36518
low
CVE-2022-42889
low
CVE-2021-37136, CVE-2021-37137
low
CVE-2022-23596
low
CVE-2021-37714, CVE-2020-26870, CVE-2021-3749, CVE-2020-28168, CVE-2021-42340
low
CVE-2021-44832 Log4j 2.17
low
CVE-2021-45046 Log4j
CVE-2021-44228 Log4j
low
critical
CVE-2019-13990 Quartz
low
CVE-2021-45105 Log4j
low
CVE-2021-45046 Log4j
CVE-2021-44228 Log4j
low
critical
Removed debugging utility with additional abilities
high
CVE-2018-10237, CVE-2019-12400, CVE-2020-2773, CVE-2020-8908, CVE-2020-25649,
CVE-2019-10744, CVE-2020-8203, CVE-2021-23337, CVE-2015-9251
low
Removed debugging utility with additional abilities
high
CVE-2019-10086, CVE2013-0248, CVE-2014-0050, CVE-2016-1000031, CVE-2016-3092, and CVE-2012-0881
low
CVE-2020-13822: elliptic
CVE-2020-8203: lodash
low
low
CVE-2020-7662: websocket-extensions
CVE-2019-0205, CVE-2019-0210: Apache Thrift (Apache Jena)
low
low