AppViewX Security Advisory | Onprem | 2026.2.0.0
Advisory
AppViewX has identified a few medium- and low-severity vulnerabilities through in-house testing, which are addressed holistically across the product. A high-level overview of these fixes is provided in this document. If a summary of the internal pentest report is required, please reach out to [email protected] or [email protected].
Risk Matrix
| Product Version | Patch Availability |
|---|---|
| AppViewX 2026.2.0.0 On-Premise | Available |
Scope
The scope of penetration testing includes validation of the infrastructure, web application, and APIs in an On-Prem environment.
Vulnerabilities Addressed and Controls Implemented
| Scope | Vulnerabilities Addressed | CVSS Score | Controls Implemented |
|---|---|---|---|
| Web and API | Injection (Improper Input Validation) | 5.3 | Implemented strict server-side and client-side input validation, output encoding, input sanitization, input length restrictions, character whitelisting, and secure handling of user-supplied data. |
| Web and API | Security Misconfiguration | 3.1 - 3.5 | Strengthened protection of sensitive credentials, secured configuration settings, restricted unauthorized modifications, and enhanced security configuration management controls. |
Components Upgraded
AppViewX periodically reviews the third-party components used in the product for vulnerabilities and end-of-life status, and upgrades them as part of every major release. The components upgraded as part of the AppViewX v2026.2.0.0 on-premise release are as follows:
| Component | Version |
|---|---|
| calico/cni | v3.31.3 |
| calico/kube-controllers | v3.31.3 |
| calico/node | v3.31.3 |
| istio/istioctl | v1.29.1 |
| istio/pilot | v1.29.1 |
| istio/proxyv2 | v1.29.1 |
| prom/prometheus | v3.5.0 (LTS) |
| k8s-dns-node-cache | v1.26.0 |
| kube-apiserver | v1.35.0 |
| kube-controller-manager | v1.35.0 |
| kube-proxy | v1.35.0 |
| kube-scheduler | v1.35.0 |
| filebeat | v9.2.4 |
| elasticsearch | v9.2.4 |
| kibana | v9.2.4 |
| logstash | v9.2.4 |
| redis-exporter | v1.80.2 |
| grafana | v12.4.1 |
| kube-state-metrics | v2.18.0 |
| alertmanager | v0.30.1 |
| Redis | v8.4.0 |
| node-exporter | v1.10.2 |
| kube-metrics-adapter | v0.2.7 |
| coredns | v1.13.2 |
| openbao | v2.4.4 |
| etcd | v3.6.7 |
| Mongo | v8.0.19 |
| metrics-server | v0.8.1 |
| pause | v3.10.1 |
Questions or Security Concerns?
Please reach out to the AppViewX Enterprise Information Security team at [email protected] for any queries related to product security.
