Vulnerability Remediation
  • 12 Apr 2022
  • 1 Minute to read
  • Dark
    Light
  • PDF

Vulnerability Remediation

  • Dark
    Light
  • PDF

CTERA’s vulnerability and patch management procedures encompass the remediation of vulnerabilities.

Remediation is provided for actively supported product versions, and on condition of a valid cloud-care subscription.

Remediation may be, at the discretion of CTERA engineering, provided as part of the regular product release cycle, or through the issuance of “out-of-band” patches to the customer, when the severity of newly discovered vulnerabilities command urgent remediation actions that do not fit into CTERA’s Software Product roadmap.

The following table defines the criticality of vulnerabilities and expected time for a resolution, where:

  • Final Solution Time = time needed for the patch/maintenance release/corrective delivery installation, should that be publicly available within specified time-frame.
  • Neutralization Time = time needed for a quick fix or workaround in case the patch is not available within the specified time-frame. CTERA is expected to suggest any solution based on their knowledge together with a best-effort approach. “Currently no workaround available” is a valid statement in the context of this paragraph. The time-counter starts with the notification on the vulnerability.

Priority

CVSS Combined Score (final)


Final Solution Time


Neutralization Time


1 - Critical

8.0-10.0

1 month

10 working days

2 - Major

6.0.-7.9

3 months

1 month

3 - Moderate

0.1-5.9

Dependent on risk analysis

-

Related Articles

Security Vulnerability CVE-2021-4034 (Polkit (Pwnkit))

Samba Vulnerability CVE-2021-44142

Security Vulnerability CVE-2021-44228 (Log4Shell) 

Security Vulnerability CVE-2022-0847 (Dirty Pipe ) and CVE-2022-0001 (Spectre-BHI )

Security Vulnerability CVE-2022-22965 and CVE-2022-22963 (Spring4Shell Zero-Day Vulnerability)



Was this article helpful?

What's Next