The attached pdf is the Workfront security bulletin regarding the Modern Computer Processor (CPU) Speculative Execution Vulnerability
Workfront is aware of a recently disclosed vulnerability with modern computer processor (CPU) hardware, in which data cache timings can be exploited to allow information leaking across local security policies and boundaries. This vulnerability has been present in modern computer processor (CPU) hardware for more than 20 years, but only recently discovered. Intel, AMD, ARM, and other CPU vendors are potentially affected, as well as servers, desktops, laptops, mobile devices, and other peripherals that use these technologies.
Workfront is diligently working with our preferred cloud vendors and internal engineering and operational teams to ensure that resolutions to these potential vulnerabilities are implemented and validated as soon as possible; within our collective patching guidelines and security vulnerability processes and cadences.
This is a recently disclosed vulnerability regarding modern computer processor (CPU) hardware, that leverages speculative execution and branch prediction that may allow unauthorized access of information via a local user exploit through side-channel analysis. The Common Vulnerability and Exposures (CVE) reference numbers for these vulnerabilities are: CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754.
Risk Mitigating Factors
Workfront is a cloud-based SaaS application that runs within an enterprise application server on virtualized hypervisor technologies. This implementation allows for an increased level of abstraction, authorization, and memory management, that separates Workfront users and customers from low-level server hardware and operating systems. This technological methodology limits the exposure Workfront users and customers have regarding this modern computer processor (CPU) hardware vulnerability.
Corrective Actions & Prevention
The Workfront Platform and Cloud Engineering organizations have performed preliminary analysis and reviews of this potential vulnerability, and have implemented the required operating system vendor patches into Workfront’s established security vulnerability process and patching cadence.
Workfront is committed to continually fostering robustness, reliability, and resiliency within our enterprise SaaS ecosystem. This goal is accomplished through constantly optimizing internal processes and best practices, quickly improving deficiencies in technical areas, and focusing on preventative and fault-tolerant systems to maintain uptime and performance.