Trust Site


Demandbase is the leading account-based GTM platform for B2B enterprise sales and marketing teams, designed to make every moment and every dollar count. That's because when the stakes are high, aligning revenue teams to act with precision and confidence is the difference between crushing the quarter or falling short. Since creating the category in 2013, Demandbase continues to revolutionize the way B2B companies go to market with AI-powered insights and industry-leading impact.

Documents

Reports: Pentest Report 2024
Trust Site Updates

Zero Day Vulnerability

Vulnerabilities

On August 9th, 2024, Demandbase received intelligence regarding a zero-day vulnerability affecting certain browsers, including Chrome, Firefox, and Safari. This vulnerability allows external websites to communicate with, and potentially exploit, software running locally on macOS and Linux systems.

Upon learning of this issue, Demandbase conducted an internal investigation and found no affected endpoints. Demandbase uses an unaffected version of Chrome, along with recommended advisory controls.

We will continue to closely monitor developments related to this vulnerability, and will provide updates if necessary.


DigiCert Revocation Incident - Update

Incidents

On July 31st, 2024, Demandbase became aware of a new software supply chain security concern involving DigiCert SSL/TLS certificates. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.

Demandbase has multiple security technologies that permit us to audit our infrastructure. Using these technologies and reports, our team searched and did not find any evidence of DigiCert certificates in our environment. We continue to monitor this situation and will provide further updates if necessary.


GitLab Vulnerability: CVE-2024-5655 Update

Vulnerabilities

On June 28th, 2024, Demandbase became aware of a new software security concern impacting GitLab's Community and Enterprise editions. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data. Demandbase has multiple security technologies that permit us to audit our software infrastructure. Using these technologies and reports, our team searched and did not find any evidence of GitLab being compromised in our environment. We continue to monitor this situation and will provide further updates if necessary.

For more information, please refer to the advisories posted by NIST: CVE-2024-5655


Threat Campaign Targeting Snowflake Customer Database Instances - Update

Vulnerabilities

On June 10th, 2024, Demandbase became aware of a new threat campaign directed at Snowflake customer databases. Demandbase does not currently use Snowflake, and when we did use Snowflake in the past we enforced multi-factor authentication. Based on the information provided by Snowflake to date, we do not believe we are affected by this campaign.

For more information on this topic, please refer to the advisories posted by NIST: CISA Alert for Snowflake Threat Campaign


Polyfill: CVE-2024-38526 Update

Vulnerabilities

On June 26, 2024, Demandbase became aware of a new software supply chain security concern involving the Polyfill library. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.

Demandbase has multiple security technologies that permit us to audit our software infrastructure. Using these technologies and reports, our team searched and did not find any evidence of the Polyfill library or the presence of the CVE in our systems.

We continue to monitor this situation and will provide further updates if necessary.
