DG System Status
Welcome to the DG Health Status Board. Below you will find status information for each of our Digital Governance services.

Universal Consent Platform (UCP)

Reporting Dashboard
AutoPop
Site Notices

Tag Auditor

Live Scans
Historical Scan
DGR
Alerting

Tag Control

Observation
Tag Control
Consent Control

Ad Notice

Ad Notice

Spring4Shell Zero Day Vulnerability - 04.01.2022 12:00 pm MST Zero-Day Exploit in Spring Framework | Spring4Shell Crownpeak is actively monitoring the Spring4Shell zero-day CVE-2022-22965 vulnerability.  Please see CVE-2022-22963 and CVE-2022-22965. Our operations team has performed a thorough review of internal systems and support applications to determine if Crownpeak systems contain any exposure to the vulnerability.  These two vulnerabilities have been discovered almost at the same time and thus tend to get mixed up in the news although they have different attack vectors. At this time, no exploits have been identified while we continue to perform our investigation.  We are actively monitoring and managing the issue and have a team working on identifying potential risks in our software components and services. This article will be updated regularly to provide information about how the vulnerability affects Crownpeak and its ecosystem as well as details on how we handle the issue and what you can do to secure your systems.  Be aware that this vulnerability affects many applications as it's an issue in a framework widely used. The information contained in this article is thus... View full report

Log4j Zero Day Vulnerability Update – 12.14.2021 5:00 pm MST Crownpeak is actively monitoring the Log4j2 Zero Day Vulnerability disclosedon December 9, 2021 (CVE-2021-44228). Log4j2 affects the Apache Log4j 2 project and any systems which have deployed the library into an application. Our operations team performed a comprehensive review of internal systems and support applications to update or patch any affected systems. Updates on the review results have been posted to this thread. We continue to actively monitor the situation. The majority of Crownpeak’s products were not affected by the Log4j2 Zero Day Vulnerability, as they are not written in Java, or do not use the Log4j library.  The small subset of Crownpeak’s product components which leverage the Log4j library were affected have been identified and patched to eliminate the risk of exploit. Specific product details are listed below.  Crownpeak will be continuing to monitor our systems as well as third party components related to this situation closely and report any additional updates.   DG – Privacy & Consent Management  No systems or components affected in the DG product set