Date: December 15, 2021
Labguru is following the vulnerability management process in monitoring and patching Labguru services to address the security issue referenced in CVE-2021-44228. For more details specific to individual services, see below.
Labguru is reported to NOT be affected by CVE-2021-44228. No further action is necessary at this time.
AWS OpenSearch (formerly AWS ElasticSearch)
AWS OpenSearch is reported to be affected by CVE-2021-44228. The service has been updated with AWS patch R20211203-P2 to remediate the vulnerability identified in CVE-2021-44228. No further action is necessary at this time.
ChemAxon Web Services for Labguru
The ChemAxon services used by Labguru are reported to NOT be affected by CVE-2021-44228. No further action is necessary at this time.
We are actively working with our third-party vendors to ensure that they have mitigations in place and if necessary updating their software or services to remediate this issue. As this issue continues to evolve, we will continue to implement additional remediation actions as appropriate.
As part of our continuous detection and monitoring systems, we have implemented detection and monitoring to alert for any potential exploitation attempts. If Labguru becomes aware of unauthorized access to Customer Data, we will notify impacted customers without undue delay.