The Appfire Trust Center connects you to the latest information on the security, privacy, and compliance of our uniquely positioned products and services, to give you the comfort and trust you need when buying and using any Appfire app.
Appfire has received a recommendation for certification for ISO 27001 and ISO 27017, and has also completed its SOC 2 audit.
Requesting full access will give you access to NDA protected content. Subscribing will provide you with notifications of future updates.
Trust Center Updates
Appfire Security Advisory CVE-2023-22515IncidentsCopy link
Broken access control vulnerability in Confluence Data Center and Server
Background Atlassian has released a critical security advisory regarding CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server. This note summarizes how this vulnerability affects Appfire applications, systems, and data and what mitigation steps Appfire is undertaking to minimize the impact.
Appfire applications affected by CVE-2023-22515
No Appfire applications are directly affected by, or contribute to the likelihood or impact of, this vulnerability. The risk is confined to the underlying Confluence Data Center and Server instances and their installed apps. The risk remains the same, regardless of which Appfire applications are installed. Since it is an elevation of privilege vulnerability, it is possible for adversaries to create admin-level accounts in Confluence that will allow them full access to install or remove all marketplace apps, as well as allow access to the administrative functions of any installed apps in the affected instance of Confluence.
Appfire corporate Confluence sites affected by CVE-2023-22515 All Appfire Confluence DC and Server sites have been evaluated and any identified risks mitigated.
CVSS 10: URGENT ACTION REQUIRED Clients running affected Confluence Server or Data Center are advised to urgently upgrade to a non-vulnerable version of Confluence Data Center or Server. Furthermore, investigate if escalated privilege or suspicious accounts have been created and used
References: Atlassian Security Advisory for CVE-2023-22515 Atlassian security advisories
Appfire is Not Affected by MOVEit Vulnerabilities (CVE-2023-35708)IncidentsCopy link
Appfire is Not Affected by MOVEit Vulnerabilities (CVE-2023-35708)
Our security team has recently been made aware of a notable vulnerability associated with the MOVEit application from Progress Software. After an extensive review, we have determined that our products and corporate infrastructure do not use or incorporate the affected technology/software.
Appfire Sub-processor List Updated - 6-9-2023SubprocessorsCopy link
Appfire has updated our Sub-processors' list as of June 9, 2023. Please, see the updated list on our Trust Center.
Appfire Legal Team
Appfire Penetration Testing Attestation Letters ReleasedComplianceCopy link
A typo in the link provided in the last update was brought to our attention.
Please use the link below to access Appfire's Attestation Letters:
- The Appfire Security Team
Appfire has released 2022 penetration test attestation letters for its cloud based products and corporate domains. Appfire addresses all critical, high and medium findings identified during penetration testing.
Click here: Appfire Attestation Letters
Appfire is committed to maintaining a strong security posture to offer our customers peace of mind. Penetration testing is just one of the tools that we use to accomplish this. Our mission is to make sure you feel secure buying and using any of our products and services.
Thank you for being our customer and partner.
- The Appfire Security Team
Welcome to the Appfire's Security, Privacy & Compliance Trust CenterGeneralCopy link
As an organization that is security and privacy conscious, we are excited to announce the official launch of the Appfire's Security, Privacy & Compliance Trust Center. By using this portal, you can request access to our compliance documents, review our standardized questionnaires such as the CAIQ-Lite and gain a general understanding of our security and privacy posture.
Over time, our team will be making changes to this portal as we implement new tools and processes in our environment. You can use the Subscribe button to receive email notifications for when our team has an important update, such as if we have an updated compliance report or if we have a status update regarding a major security vulnerability that has been recently discovered.
-The Appfire Security & Privacy Team