[VIM] Q2 Solutions ConnX - timeline
jericho at attrition.org
Tue Apr 7 02:24:56 UTC 2009

Vendor refused to comment on whether they would develop a patch or even notify
existing client base.

Workaround: Remove ConnX server from public Internet access and protect behind
corporate firewalls, SSL-VPN, web application firewall etc.

30-Oct-2008 - Discovered during audit.
05-Nov-2008 - Notified vendor. Vendor declined to comment.
01-Dec-2008 - Submitted full details to vendor.
18-Dec-2008 - Attempted to contact vendor again for a patch release date.
18-Dec-2008 - And again...
18-Dec-2008 - Vendor response, no patch - "We support our clients,
              not independent contractors."
03-Apr-2009 - Disclosure.