Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Kapiche has implemented best-in-class security practices to keep customer data safe.. At Kapiche, we protect your data like it's our own

Australia Post-company-logoAustralia Post
Colorado Technical University-company-logoColorado Technical University
Village Roadshow-company-logoVillage Roadshow
Nextdoor-company-logoNextdoor
AGL Australia-company-logoAGL Australia
ANZ-company-logoANZ
Woodside Homes-company-logoWoodside Homes
Medibank-company-logoMedibank
RAC WA-company-logoRAC WA
Entain-company-logoEntain
Team Global Express-company-logoTeam Global Express

Documents

REPORTSNetwork Diagram
Trust Center Updates

Kapiche not affected by the XZ Utils backdoor vulnerability

VulnerabilitiesCopy link

Kapiche is not affected by the XZ Utils backdoor vulnerability.

Our security team has reviewed all OS versions deployed in our environment and confirmed that none of the impacted operating systems or versions are utilized.

For more details on this vulnerability, please visit https://nvd.nist.gov/vuln/detail/CVE-2024-3094 and https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils.

Published at N/A

Kapiche's Response to HTTP/2 Rapid Reset Attack and Curl Vulnerabilities

VulnerabilitiesCopy link

Kapiche is aware of CVE-2023-44487, also known as "HTTP/2 Rapid Reset Attack," related to HTTP/2 capable web servers where rapid stream generation and cancellation can result in additional load which could lead to a Denial of Service. Kapiche's infrastructure is designed with various protections to address Layer 7 request floods, however, we have implemented additional mitigations and patches address this issue.

Published at N/A

Kapiche's Response to the 2022 OpenSSL 3 Vulnerabilities

IncidentsCopy link

After careful review of our infrastructure and SBOM, the Kapiche team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.

As a helpful resource, you can use this page to determine if certain widely used software in your environment is affected or unaffected: https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md

Published at N/A
Powered bySafeBase Logo