AppViewX Security Advisory | Onprem | 2026.1.0.0
Advisory
AppViewX has identified a few medium-severity vulnerabilities through internal testing, which have been addressed holistically across the product. A high-level overview of these fixes is provided in this document. If a summary of the internal pentest document is required, please reach out to [email protected] or [email protected].
Risk Matrix
| Product Version | Patch Availability |
|---|---|
| AppViewX 2026.1.0.0 On-Premise | Available |
Scope
The scope of penetration testing includes validation of the infrastructure, web application, and APIs in an On-Prem environment.
Vulnerabilities Addressed and Controls Implemented
| Scope | Vulnerabilities Addressed | CVSS Score | Controls Implemented |
|---|---|---|---|
| Web and API | Injection | 4.6 - 8.5 | Implemented strict client- and server-side input validation. |
| | Insecure design | 5.1 | Implemented proper concurrency controls, including request locking and atomic operations. |
| | Cryptographic failures | 6.9 | Implemented secure authentication flows ensuring passwords are never transmitted, logged, or returned. |
| | Security misconfiguration | 5.1 | Implemented measures to prevent the disclosure of sensitive information. |
Components Upgraded
AppViewX periodically reviews the third-party components used in the product for vulnerabilities and end-of-life status, and upgrades those components as part of every major release. The components upgraded as part of the AppViewX v2026.1.0.0 on-premise release are as follows:
| Component | Version |
|---|---|
| calico/cni | v3.30.3 |
| calico/kube-controllers | v3.30.3 |
| calico/node | v3.30.3 |
| istio/istioctl | 1.28.0 |
| istio/pilot | 1.28.0 |
| istio/proxyv2 | 1.28.0 |
| prom/prometheus | v3.5.0 (LTS) |
| k8s-dns-node-cache | 1.26.0 |
| kube-apiserver | v1.34.1 |
| kube-controller-manager | v1.34.1 |
| kube-proxy | v1.34.1 |
| kube-scheduler | v1.34.1 |
| filebeat | v9.1.4 |
| elasticsearch | v9.1.4 |
| kibana | v9.1.4 |
| logstash | v9.1.4 |
| redis-exporter | v1.77.0 |
| grafana | v12.3.0 |
| kube-state-metrics | v2.17.0 |
| alertmanager | v0.28.1 |
| Redis | v8.2.2 |
| node-exporter | v1.9.1 |
| kube-metrics-adapter | v0.2.6 |
| coredns | v1.12.1 |
| openbao | 2.4.1 |
| etcd | 3.6.4-0 |
| Mongo | 8.0.14 |
| metrics-server | v0.8.0 |
| pause | 3.10.1 |
Questions or Security Concerns?
Please reach out to the AppViewX Enterprise Information Security team at [email protected] for any queries related to product security.
