MarkLogic IT Security Advisory

Following disclosure of a cyber-incident that affected one our AWS servers due to CVE2022-1388 (https://support.f5.com/csp/article/K23605346), the MarkLogic Security team immediately investigated to assess any impact.  Based on our assessment, no customer information and none of our internal networks were impacted by this incident.  The AWS server in question was immediately patched and taken offline for further forensic review. The impacted server was a redundant system that has no access to our internal networks, is only used for Domain Name Services (DNS), and does not contain customer information.  All other similar servers had previously been fully patched and are also under forensic review as a precaution.  Before we bring the impacted server back online, MarkLogic will complete our forensics investigation and perform a full rebuild of the instance. 

Any updates or changes will be posted on this website for future reference.

Last updated: Monday, May 16, 2022