8. Security Disclaimer

Security awareness in the industry is rapidly increasing. Many businesses are today actively scanning their software for vulnerabilities to a greater extent. What was considered reasonably safe quite recently is today often seen as vulnerable.

Our product MediationZone 8.3 is based on Java 8, which was for a long time seen as de facto standard, but Java 8 is no longer in active support.

 We have identified potential vulnerabilities associated with this version of the product. These vulnerabilities are categorized using Common Weakness Enumeration (CWE) identifiers. Below is a list of detected CWEs:

Authentication Issues

Sensitive Data Exposure 

XML External Entities (XXE)

Insecure Deserialization

Cross-site Scripting (XSS)

Using Components with Known Vulnerabilities

Allocation of Resources Without Limits or Throttling

CWE-269

CWE-22

CWE-20

CWE-918

CWE-79

CWE-346

CWE-835

CWE-287

CWE-78

CWE-200

CWE-184

CWE-149

CWE-754

CWE-770

CWE-297

CWE-668

 

CWE-502

CWE-611

CWE-248

CWE-130

CWE-306

CWE-732

 

 

 

CWE-787

CWE-776

CWE-639

CWE-378

 

 

 

CWE-444

CWE-400

CWE-284

CWE-532

 

 

 

 

CWE-674

CWE-295

CWE-310

 

 

 

 

 

CWE-552

 

 

 

 

 

 

CWE-347

 

 

 

 

 

 

CWE-863

 

 

 

 

 

 

CWE-113

 

 

 

 

 

 

CWE-379

 

 

 

 

 

 

CWE-254

 

 

 

 

 

 

We continually work to improve the product's security. Certain vulnerabilities, especially those arising from outdated components and our reliance on Java 8 in MediationZone 8.3, may require specific environmental controls and consideration of surrounding contextual factors. We recommend users adopt security best practices or consider upgrading to a later version.

Best Practices for Using MediationZone 8.3 

While MediationZone offers valuable features, it's essential to be aware of potential security risks. It's built on Java 8 and includes dependencies that may no longer be actively maintained. To ensure you utilize our product safely, please consider the following recommendations:

  • Data Protection:

    • Always validate and sanitize data inputs, especially if they come from untrusted sources.

    • Avoid exposing detailed error messages or logs that might give away system details. 

  • Authentication and Authorization:

    • Where possible, use Multi-Factor Authentication (MFA) to enhance security.

    • Regularly review user accounts and permissions to ensure only necessary personnel have access. 

  • Secure Deployment:

    • Monitor the application's performance and behavior for any anomalies.

    • Ensure that the system hosting MediationZone is patched and updated regularly. 

  • Network Security:

    • Protect your network with firewalls and monitor for unusual activity.

    • Ensure the web interface is only accessible to necessary individuals, possibly by limiting IP addresses that can access it. 

  • Cryptography:

    • Ensure that cryptographic keys are stored securely and use TLS configurations when transmitting data. 

  • Access Control:

    • Implement the principle of least privilege. Ensure that only essential personnel have access to our product's administrative features. 

  • Backup and Recovery:

    • Regularly back up any data associated with our product. Ensure backups are stored securely and can be restored quickly in case of issues. 

  • Monitoring:

    • Continuously monitor the environments where our product is deployed. Use intrusion detection systems and other monitoring tools to spot and respond to anomalies. 

  • Secure Configuration:

    • Follow our product's documentation to securely configure all features. Avoid using default credentials or settings.