Trust Site

Start your security review
View & download sensitive information
Search items
ControlK

Demandbase helps B2B companies hit their revenue goals using fewer resources. How? By using the power of AI to identify and engage the accounts and buying groups most likely to purchase. We combine your sales and marketing data with our validated B2B data to create what we call Account Intelligence. Better data makes better AI. That’s Smarter GTM™.

Start your security review
View & download sensitive information

Documents

Pentest Remediation Report

Trust Site Updates

DigiCert Revocation Incident - Update

IncidentsCopy link

On July 31st, 2024, Demandbase became aware of a new software supply chain security concern involving DigiCert SSL/TLS certificates. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.

Demandbase has multiple security technologies that permit us to audit our infrastructure. Using these technologies and reports, our team searched and did not find any evidence of DigiCert certificates in our environment. We continue to monitor this situation and will provide further updates if necessary.

Published at N/A

GitLab Vulnerability: CVE-2024-5655 Update

VulnerabilitiesCopy link

On June 28th, 2024, Demandbase became aware of a new software security concern impacting GitLab's Community and Enterprise editions. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data. Demandbase has multiple security technologies that permit us to audit our software infrastructure. Using these technologies and reports, our team searched and did not find any evidence of GitLab being compromised in our environment. We continue to monitor this situation and will provide further updates if necessary.

For more information, please refer to the advisories posted by NIST: CVE-2024-5655

Published at N/A

Threat Campaign Targeting Snowflake Customer Database Instances - Update

VulnerabilitiesCopy link

On June 10th, 2024, Demandbase became aware of a new threat campaign directed at Snowflake customer databases. Demandbase does not currently use Snowflake, and when we did use Snowflake in the past we enforced multi-factor authentication. Based on the information provided by Snowflake to date, we do not believe we are affected by this campaign.

For more information on this topic, please refer to the advisories posted by NIST: CISA Alert for Snowflake Threat Campaign

Published at N/A

Polyfill: CVE-2024-38526 Update

VulnerabilitiesCopy link

On June 26, 2024, Demandbase became aware of a new software supply chain security concern involving the Polyfill library. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.

Demandbase has multiple security technologies that permit us to audit our software infrastructure. Using these technologies and reports, our team searched and did not find any evidence of the Polyfill library or the presence of the CVE in our systems.

We continue to monitor this situation and will provide further updates if necessary.

Published at N/A*

Global Windows Outage Triggered by CrowdStrike Update

GeneralCopy link

On July 19th, 2024, Demandbase became aware of a widespread IT outage affecting businesses and critical services globally due to an issue with a recent CrowdStrike update. This update impacted numerous Windows PCs and servers across various sectors.

Upon discovering this issue, Demandbase conducted an immediate internal investigation to assess the potential impact on our operations. We are pleased to report that our investigation found no affected endpoints or any impact on our services.

Published at N/A

Palo Alto Networks PAN-OS 0-day - Update

VulnerabilitiesCopy link

On April 12th, 2024, Demandbase became aware of a new software 0-day security concern from our threat intelligence sources that involves Palo Alto Networks PAN-OS firewalls (CVE-2024-3400). We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.

Demandbase has multiple security technologies that permit us to audit our firewalls. Using these technologies and reports, our team searched and verified the versions of PAN-OS that are susceptible to the Palo Alto Network PAN-OS 0-day are not in use within our network. We continue to monitor this situation and will provide further updates if necessary.

For more information on this topic, please refer to the advisories posted by NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-3400

Published at N/A

XZ Backdoor (CVE-2024–3094) - Update

VulnerabilitiesCopy link

On March 29th, 2024, Demandbase became aware of a new software security concern from our threat intelligence sources that involves the XZ Utils library in many Linux and other Unix-like operating systems (CVE-2024-3094). Demandbase has multiple security technologies that permit us to audit our endpoints. Using these technologies and reports, our team searched and did not find any evidence of XZ Utils being compromised within our environment. We have completed the mitigations provided by our threat intelligence sources and will continue to monitor this situation and provide further updates if necessary. For more information on this topic, please refer to the advisories posted by NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-3094

Published at N/A

Demandbase 2023 pentest remediation report is now available.

GeneralCopy link

Our 2023 pentest remediation report is available now on the Trust Site in the Documents section.

Published at N/A

Okta Security Breach Oct 2023

GeneralCopy link

On October 19, 2023 Demandbase received a notice from Okta regarding their latest security incident. According to that notice, there was no impact to Demandbase. In addition, we have conducted our own investigation internally and did not find any evidence of impact or inappropriate access due to the Okta incident. We will remain vigilant and provide updates if necessary.

Published at N/A

Progress WS_FTP Server Critical Vulnerability (CVE-2023-40044 & CVE-2023-42657)

VulnerabilitiesCopy link

On Oct 16th, 2023, Demandbase became aware of a new software security concern from our threat intelligence sources that involves Progress WS_FTP Server Critical Vulnerabilities (CVE-2023-40044 & CVE-2023-42657). Demandbase has multiple security technologies that permit us to audit our endpoints. Using these technologies and reports, our team searched and did not find any evidence of WS_FTP or the presence of either CVE in our systems.

For more information on this topic, please refer to the advisories posted by NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-40044 and https://nvd.nist.gov/vuln/detail/CVE-2023-42657

Published at N/A

Microsoft Office and Windows HTML Remote Code Execution (CVE-2023-36884) - Update

VulnerabilitiesCopy link

On July 12th, 2023, Demandbase became aware of a new software 0-day security concern from our threat intelligence sources that involves Microsoft Windows and Office products. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.

Demandbase has multiple security technologies that permit us to audit our endpoints for known indicators of compromise that have been provided by Microsoft and our many security vendors. Using these technologies and reports, our team searched and did not find any evidence of Microsoft Windows or Office products being compromised within our environment. We have completed the mitigations provided by Microsoft and will continue to monitor this situation and provide further updates if necessary.

For more information on this topic, refer to the advisory posted at https://nvd.nist.gov/vuln/detail/CVE-2023-36884.

Published at N/A

MOVEit Transfer 0-day Update

VulnerabilitiesCopy link

On June 5, 2023, Demandbase became aware of a new software 0-day security concern from its threat intelligence sources that involves MOVEit file transfer solution. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.

Demandbase has multiple security technologies that permit us to audit what applications are installed on our endpoints. Using these technologies, our team searched and did not find any evidence of MOVEit software installed or used within Demandbase. We continue to monitor this situation and will provide further updates if necessary.

For more information on this topic, refer to the advisory posted at https://nvd.nist.gov/vuln/detail/CVE-2023-34362.

Published at N/A

3CX Update

GeneralCopy link

On March 30, 2023, Demandbase became aware of a new software supply chain security concern from its threat intelligence sources that involves potential compromise of 3CX voice and video collaboration software installed on user workstations. We promptly investigated to determine whether there was an impact to Demandbase systems and/or data.

Demandbase has several security technologies that permit us to audit what applications are installed on our endpoints. Using these technologies, our team searched and did not find any evidence of 3CX software installed on our endpoints. We continue to monitor this situation and will provide further updates if necessary.

For more information on this topic, refer to the advisory posted by 3CX at https://www.3cx.com/blog/news/desktopapp-security-alert/.

Published at N/A*
Powered bySafeBase Logo