If you believe you have identified a security concern with Appgate SDP, please contact appgate-security@appgate.com.

Re: Apache Log4j vulnerability

Appgate SDP v5.1.x - v5.5.x are NOT affected by the Log4j vulnerability.

While the Log4j library is included in the Appgate SDP appliance build, its ONLY use is in the open source Elasticsearch component of the LogServer. Elastic has confirmed that Elasticsearch is NOT affected by the Log4j vulnerability (but has identified a related minor information leakage issue). Versions 5.4.6 and 5.5.2 contain the updated 2.17.1 version of Log4j.
We strongly recommend that our secure deployment recommendations be followed, specifically that the LogServer should never be exposed to the internet and should be accessible only to other components of the SDP system and to authorized, authenticated users.

| Title | ID | Severity | Products Affected | First Published | Last Published |
|---|---|---|---|---|---|
| Log4j 2 Vulnerability | 2021-12-0001 | Minor | Appgate SDP LogServer versions up to and including 5.5.1 | 2021-12-13 | 2022-01-05 |
| Scripting Engine Sandbox Bypass | 2021-11-0001 | Medium (CVSS 6.6) | Appgate SDP Controller and Gateway versions prior to 5.5.1 | 2021-12-07 | 2021-12-07 |
| Privilege Escalation on Appgate SDP Clients for Linux | 2021-06-0001 | High (CVSS 7.5) | Appgate SDP Client for Linux versions prior to 5.4.2 | 2021-06-14 | 2021-06-14 |
| Security Fix and Cumulative Improvements for Appgate SDP Clients for Windows | 2021-04-0002 | Medium (CVSS 5.5) | Appgate SDP full Clients for Windows versions prior to 5.4.0 | 2021-04-27 | 2021-04-27 |
| Information Disclosure from Appgate SDP Controllers | 2021-04-0001 | High (CVSS 8.5) | Appgate SDP Controller versions prior to 5.3.3 (except 5.2.4) | 2021-04-15 | 2021-04-23 |
| Cumulative Security Fixes and Improvements for Appgate SDP Clients | 2021-01-0001 | Medium (CVSS 5.5) | Appgate SDP Client versions prior to 5.3.2 | 2021-01-22 | 2021-04-16 |
| Default Time-Based OTP Provider Bypass | 2020-11-0001 | Medium (CVSS 6.8) | Appgate SDP Controller versions prior to 5.3.1 | 2020-11-30 | 2020-12-07 |
| Privilege Escalation on Appgate SDP Client for Windows | 2020-04-0001 | High (CVSS 7.8) | Appgate SDP full Clients for Windows versions prior to 5.1.1 | 2020-05-01 | 2020-05-01 |
| Remote code execution on management interface | 2020-04-0002 | High (CVSS 7.5) | Appgate SDP Controller versions 4.1.0 through 5.0.3, 5.1.0 and 5.1.1 | 2020-05-01 | 2020-05-01 |
| Scripting Engine Sandbox Bypass | 2019-11-0001 | High (CVSS 7.2) | Appgate SDP Appliances before v5.0.2 | 2019-11-18 | 2019-11-18 |
| Remote Privilege Escalation on Windows Client | 2019-07-0001 | High (CVSS 8.0) | Appgate SDP Client for Windows from v4.1.0 to v4.3.1 | 2019-07-09 | 2019-07-09 |
| Controller Impersonation during Appliance Communication | 2018-12-0001 | Low (CVSS 3.3) | Appgate SDP Appliances before v4.1.7 | 2018-12-03 | 2018-12-03 |
| Privilege Escalation on Windows Client | 2018-11-0001 | Low | Appgate SDP Client for Windows from v4.1.0 to v4.1.2 | 2018-11-22 | 2018-11-22 |
| TCP Stack vulnerability: SegmentSmack | 2018-08-0001 | Low | Appgate SDP before v4.1.2 | 2018-08-09 | 2018-08-09 |
| Information Disclosure on Management Interface | 2018-07-0001 | Low | Appgate SDP from v4.0.0 to v4.0.3 | 2018-07-12 | 2018-07-12 |
| SAML Authentication Bypass | 2018-03-0001 | Low | Appgate SDP before v3.3.3 | 2018-03-12 | 2018-03-12 |
| CPU vulnerability: Meltdown and Spectre | 2018-01-001 | Low | Appgate SDP before v3.3.3; AppGate Classic all versions | 2018-01-08 | 2018-01-08 |
| Shell access and information disclosure | 2017-06-0001 | Medium | Appgate Classic before v11.2.7 | 2017-06-08 | 2017-06-08 |
| Information Disclosure on Management Interface | 2017-05-0001 | High | Appgate SDP Controller before v3.1.2 | 2017-05-18 | 2018-07-12 |

Appgate Security Advisories and other Appgate security content are provided on an "as is" basis and do not imply any kind of guarantee or warranty. Your use of the information in these publications or linked material is at your own risk. Appgate reserves the right to change or update this content without notice at any time.