Notified:  December 16, 2014 Updated: February 05, 2015

Statement Date:   February 04, 2015

Status

Affected

Vendor Statement

What changes we have made: 1) We have made security changes in XLS Opp form which we have verified with CERT.org and we got Favorable response from CERT on the measures we have taken. 2) We have stopped support for earlier versions of Excel Opportunity form. 3) Users will have to download fresh copy of excel Opportunity form. It will make sure that everyone is using the version with additional security features. 4) We made several patched changes to improve security and will include more changes in the Feb. 15 release. 5) With additional security changes, all the users will have to reset their Password one time. 6) We have added security note for users on Sunday, Jan 11th Security Note : We already have good measures for security in applications But we all know, security threats are constantly evolving in market and we need to be on top of it, so we are taking precautionary steps and have made some changes both for Opportunity Portal and Excel based Opportunity form.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.