Security Policy

As a core infrastructure component of our customers, the security of CIB seven Platform (also referred to as the ‘software’) takes top priority and is maintained constantly.

Since CIB seven is based on Camunda Engine, security test done there apply to CIB seven as well.

Penetration Testing

Camunda has contracted an independent, external security advisor to regularly conduct penetration tests of the software. The advisor operates according to industry best practices recommended by the OWASP organization such as the OWASP Testing Guide. The tools used for testing include Burp Suite and DefenseCode Thunderscan

Any vulnerabilities detected are handled according to our process for security issue management.

Test history:

Date Test Focus Result Summary

April 2023

Camunda Automation Platform Version: 7.19.0-ee

External security assessment using the graybox approach to test the Camunda Automation Platform web applications and REST API.

No critical vulnerabilities were detected.

Three lesser vulnerabilities were detected and submitted for treatment to our security issue process:

  • One issues has been fixed.
  • One issues has been partially fixed, work in progress.
  • One issue was given as general security advice.

June 2022

Camunda Automation Platform Version: 7.17.0-ee Camunda Optimize Version 3.8.0

External security assessment using the graybox approach to test the Camunda Automation Platform web applications and REST API plus Camunda Optimize.

No critical vulnerabilities were detected.

Two lesser vulnerabilities were detected and submitted for treatment to our security issue process:

  • One issues have been fixed.
  • One issues have been partially fixed, work in progress.

One general security advice was given.

December 2021

Camunda Automation Platform Version: 7.16.0-ee Camunda Optimize Version 3.6.0

Whitebox test with focus on (but not limited to) the Camunda Automation Platform web applications and REST API plus Camunda Optimize.

No critical vulnerabilities were detected.

Two lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Two issues have been partially fixed, work in progress.

December 2021

Cawemo

Whitebox test with focus on (but not limited to) the Cawemo application and the underlying infrastructure.

No critical vulnerabilities were detected.

Seven lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Seven issues have been partially fixed, work in progress.

June 2021

Cawemo

Whitebox test with focus on (but not limited to) the Cawemo application and the underlying infrastructure.

No critical vulnerabilities were detected.

Five lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Five issues have been partially fixed, work in progress.

March 2021

Camunda Platform Version: 7.14.5-ee Camunda Optimize Version 3.3.0

Whitebox test with focus on (but not limited to) Camunda Platform web applications and REST API.

No critical vulnerabilities were detected.

Three lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Three issues have been partially fixed, work in progress.

January 2020

Camunda Platform Version: 7.12.1-ee Camunda Optimize Version 2.7.0

Whitebox test with focus on (but not limited to) Camunda Platform web applications and REST API.

No critical vulnerabilities were detected.

Seven lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Two issues have been fixed.

Five issues have been partially fixed, work in progress.

January 2019

Camunda Platform version: 7.10.1

Whitebox test with focus on (but not limited to) Camunda Platform web applications and REST API.

No critical vulnerabilities were detected.

Five lesser vulnerabilities were detected and submitted for treatment to our security issue process.

Two issues have been fixed.

Three issues have been partially fixed.

On this Page: