Totango experienced a notice incident on April 10, 2024 affecting Totango Web Application, lasting —. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- resolved Apr 10, 2024, 01:28 PM UTC
On March 30, the US Cyber Defense Agency echoed a new critical backdoor vulnerability in a linux common package (XZ-utils library). CVE-2024-3094. What could be the affect? Under certain conditions, this backdoor could allow a malicious actor to break authentication, allowing the attacker to gain access to the affected system What did Totango do since the announcement? Totango scanned all our Linux instances, in order to check whether we are vulnerable and take the recommended actions to minimize the risk Current status After completing the scanning and take the relevant actions - all Totango systems are secured and not vulnerable.