We are proud to announce that Concrete CMS has been authorized as a CVE Numbering Authority (CNA) for vulnerabilities within Concrete CMS Core versions 8.5 and above.
As the 187th CNA from the USA, Concrete CMS joins a prestigious group of 346 CNAs and CNA-LRs across 37 countries, collaborating with the CVE Program. This partnership underscores our commitment to cybersecurity and responsible vulnerability management.
The CVE Program plays a crucial role in the cybersecurity ecosystem by cataloging publicly disclosed cybersecurity vulnerabilities. As a CVE Numbering Authority, Concrete CMS will now assign CVE Identifiers (CVE IDs) and publish CVE Records for new vulnerabilities in supported Concrete CMS versions. This initiative ensures clear and consistent communication of vulnerabilities, aiding IT and cybersecurity professionals in effectively addressing and mitigating security risks.
The CVE Records we publish will contribute to the global CVE List, which feeds into the U.S. National Vulnerability Database (NVD), further enhancing the accessibility and correlation of vulnerability information.
To keep the Concrete CMS community informed about potential risks, we have compiled a list of CVEs affecting Concrete CMS versions 8 and 9. The Concrete CMS CVE Tracker provides a detailed breakdown of the disclosed vulnerabilities, including their identifiers, descriptions, versions they impact and who should be credited with bringing the vulnerability to the Concrete CMS Security team’s attention.
As part of the CVE community, Concrete CMS is at the forefront of promoting safer digital environments and contributing to the collective security knowledge base. This achievement reflects our enduring commitment to delivering secure, reliable, and cutting-edge web content management solutions.
Sources:
- For detailed information on the CVEs in supported versions of Concrete CMS, visit Concrete CMS CVEs.
- To see Concrete CMS's official partner page on the CVE website, check out Concrete CMS on CVE.org.
- For the news release about Concrete CMS being added as a CVE Numbering Authority, read CVE.org News.
- For the announcement regarding Concrete CMS managing its CVEs, visit Concrete CMS Security News.