Important Information Regarding the Shellshock Vulnerability and Hosting Services

Recently, a team of security researchers announced a vulnerability named “shellshock” (CVE-2014-6271, CVE-2014-7169) which affects Bash, a program that some Unix-based systems utilize to execute command lines and scripts.  In this context, we would like to inform you that the following Blackbaud Hosting Services products are secure:

• 
  
• ALTRU
  
• Blackbaud Enterprise CRM (BBCRM)
  
• Blackbaud Merchant Services (BBMS)
  
• Blackbaud NetCommunity (BBNC)
  
• Blackbaud Online Express (BBOX)
  
• Blackbaud Secure Payments (BBSP)
  
• Blackbaud NetSolutions (NetSol)
  
• Patron’s Edge Online (PEO)
  
• The Raiser’s Edge (RE7)
  
• Sphere
  

More specifically, this vulnerability only affects software that uses GNU Bash through version 4.3, typically based on Unix, Linux, and Oracle.  It does not affect all software that uses Windows.

Nearly all of the products in Hosted Services do not use Bash, and we have tested and validated that the products that may use it, including Luminate Online, Team Approach, Donor Direct, and eTapestry have gone through an emergency change in order to address any potential vulnerabilities.

As always, Security is at the forefront of our environment and we strive to provide a safe and secure hosting service for all of our customers.

 

If you have questions, please create a case on Case Central, and choose your product, or contact our Support team using our chat feature.