0 Replies Latest reply on Apr 15, 2016 9:24 AM by deshenyu

    Did Jive Software customers receive an security warning email  From: no-reply@JiveSoft.com with Subject: Jive Security Advisory 2016-04-14 19:00?  The imbedded URLs look very suspicious.  Very well could be a phishing email to malicious websites

    deshenyu

      content of email: 

       

      the imbedded URL address looks suspicious...

      http://cl.s4.exct.net/?qs=3bcaea1ab68e3ee9496eeab7fa620fbcc76c326d56d87b954ec1d21c18a5205d

      =====================================

       

      Earlier this week, an independent researcher contacted certain Jive customer administrators regarding an critical security vulnerability present in their communities. Jive has confirmed the issue, and is resolving on your behalf. More information on the vulnerability can be found in this blog post on the Jive Community.

      To mitigate the issue as quickly as possible for Cloud customers, Jive rolled out a rule change to it's Web Application Firewall (WAF) last night to block this vulnerability from being exploited. Any requests to the vulnerable endpoint containing exploit code will be blocked and all other site features will continue to function normally, including non-malicious requests to the vulnerable endpoint.

      The change is being made today (April 14) at 1900 Pacific. There should be no direct impact to customers, and no downtime is expected.

      If you have further questions, please file a support case in your secure MyJive Support Group on the Jive Community. We appreciate your patience as we work to ensure the security of your Jive Community.

      This email contains confidential information shared between Jive and its customers. Do not share or redistribute this communication.