Dear users,
Recently, a major security flaw, CVE-2024-3094 , has caused concern in the tech world. This vulnerability was identified as a backdoor integrated into the “liblzma” compression library, allowing unauthorized access to servers via SSH.
At Waarp, we understand the critical importance of keeping your data and systems secure. This is why we have undertaken a detailed analysis to assess any potential exposure to this threat.
As part of this assessment, we identified two main aspects, two possibilities through which Waarp could be affected: through our applications and through our infrastructure .
Concerning our applications, we confirm that Waarp is not affected by CVE-2024-3094 . Indeed, the incriminated library is not used in our applications, including within our multi-protocol gateway, Waarp Gateway, which uses the SSH protocol.
As for our infrastructure, our servers use up-to-date versions, as well as the stable version of DEBIAN, thus eliminating any possibility of exploiting the CVE-2024-3094 flaw.
Finally, we carefully checked the versions of liblzma on our servers, confirming that they do not correspond to the vulnerable version.
This situation highlights the importance of constant vigilance when it comes to IT security. Although Waarp was not affected by this breach, we remain committed to protecting your data and systems from any potential threats.
We would like to reassure you that neither our management infrastructure nor our public servers were affected by this attack. Your trust is our priority, and we will continue to work to ensure the security and reliability of our services.
For more information :
Please do not hesitate to contact us if you have any additional questions or concerns.
Yours sincerely,