Yellowfin uses Apache Struts! Am I at risk of suffering a breach like Equifax?
September 15th, 2017
As of the time of this writing, there is no official release of breach details from the Equifax Security Team. If you're reading this article, you've likely read one of the speculating articles pointing towards Apache Struts as a possible breach point. While I'm not discounting these hypotheses, this information likely won't be available for some time.
With that being said, in the ever-evolving security landscape of the digital world, we are continuously working to refine our vulnerability monitoring process. As always, if you have concern about any particular vulnerabilities flagged in security scans, or with particular libraries, don't hesitate to submit a Support ticket expressing your concern or asking for information!
There has been a lot of talk about Apache Struts being the attack vector leveraged during the Equifax breach. I've written a brief statement regarding Yellowfin's use of this library, which you can review here. While there's no official statements regarding particular CVE's, we continue to field these on a case by case basis determined by whether it impacts our application.