Trust Site
Demandbase is the leading account-based GTM platform for B2B enterprise sales and marketing teams, designed to make every moment and every dollar count. That's because when the stakes are high, aligning revenue teams to act with precision and confidence is the difference between crushing the quarter or falling short. Since creating the category in 2013, Demandbase continues to revolutionize the way B2B companies go to market with AI-powered insights and industry-leading impact.
Zero Day Vulnerability
On August 9th, 2024, Demandbase received intelligence regarding a zero-day vulnerability affecting certain browsers, including Chrome, Firefox, and Safari. This vulnerability allows external websites to communicate with, and potentially exploit, software running locally on macOS and Linux systems.
Upon learning of this issue, Demandbase conducted an internal investigation and found no affected endpoints. Demandbase uses an unaffected version of Chrome, along with recommended advisory controls.
We will continue to closely monitor developments related to this vulnerability, and will provide updates if necessary.
DigiCert Revocation Incident - Update
On July 31st, 2024, Demandbase became aware of a new software supply chain security concern involving DigiCert SSL/TLS certificates. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.
Demandbase has multiple security technologies that permit us to audit our infrastructure. Using these technologies and reports, our team searched and did not find any evidence of DigiCert certificates in our environment. We continue to monitor this situation and will provide further updates if necessary.
GitLab Vulnerability: CVE-2024-5655 Update
On June 28th, 2024, Demandbase became aware of a new software security concern impacting GitLab's Community and Enterprise editions. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data. Demandbase has multiple security technologies that permit us to audit our software infrastructure. Using these technologies and reports, our team searched and did not find any evidence of GitLab being compromised in our environment. We continue to monitor this situation and will provide further updates if necessary.
For more information, please refer to the advisories posted by NIST: CVE-2024-5655
Threat Campaign Targeting Snowflake Customer Database Instances - Update
On June 10th, 2024, Demandbase became aware of a new threat campaign directed at Snowflake customer databases. Demandbase does not currently use Snowflake, and when we did use Snowflake in the past we enforced multi-factor authentication. Based on the information provided by Snowflake to date, we do not believe we are affected by this campaign.
For more information on this topic, please refer to the advisories posted by NIST: CISA Alert for Snowflake Threat Campaign
Polyfill: CVE-2024-38526 Update
On June 26, 2024, Demandbase became aware of a new software supply chain security concern involving the Polyfill library. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.
Demandbase has multiple security technologies that permit us to audit our software infrastructure. Using these technologies and reports, our team searched and did not find any evidence of the Polyfill library or the presence of the CVE in our systems.
We continue to monitor this situation and will provide further updates if necessary.