DXM System Status
Welcome to the DXM Health Status Board. Below you will find status information for each of our DXM services.

Content Management

CMS Platform
Access API
Publishing

Dynamic Content

Content API
Search Service (G2)
Realtime Indexing

Personalization (WCO)

Content Delivery
Forms
Editor User Interface

Other

Redirect Service
Fed Auth

June 6, 2022 @ 11:45am MT - Update June 6, 2022 @11:50 AM MT Reports of CMS Issue At 11:45 am MT we began receiving reports of an outage for some clients. We have restarted services and those reports have been cleared up. We continue to monitor the services at this time.   

April 7th @ 1:05pm MT - Updated April 10th @4:00 pm MT Reports of Outage  Crownpeak is currently experiencing an issue with DNS that has resulted in the primary DNS entries for AWS being overwritten with default DNS server entries for Network Solutions DNS servers. This issue has been corrected; however it will take some time for the corrected entries to be fully propagated.  Due to this issue, you may have not been able to access the CMS as well as issues with SearchG2 queries. Non-production websites using 401 auth would also be impacted.  We have also identified that any sites point to our redirect service using redirect.crownpeak.net may have also been impacted.  Using IPs or using a cname of redirect.crownpeak.com would not have been impacted. As of 3:00 pm MT on April 10th, we are seeing DNS has fully propagated.  We do not expect users to experience any more issues accessing the applications noted.  

Spring4Shell Zero Day Vulnerability - 04.01.2022 12:00 pm MST Zero-Day Exploit in Spring Framework | Spring4Shell Crownpeak is actively monitoring the Spring4Shell zero-day CVE-2022-22965 vulnerability.  Please see CVE-2022-22963 and CVE-2022-22965. Our operations team has performed a thorough review of internal systems and support applications to determine if Crownpeak systems contain any exposure to the vulnerability.  These two vulnerabilities have been discovered almost at the same time and thus tend to get mixed up in the news although they have different attack vectors. At this time, no exploits have been identified while we continue to perform our investigation.  We are actively monitoring and managing the issue and have a team working on identifying potential risks in our software components and services. This article will be updated regularly to provide information about how the vulnerability affects Crownpeak and its ecosystem as well as details on how we handle the issue and what you can do to secure your systems.  Be aware that this vulnerability affects many applications as it's an issue in a framework widely used. The information contained in this article is thus... View full report

Log4j Zero Day Vulnerability Update – 12.14.2021 5:00 pm MST Crownpeak is actively monitoring the Log4j2 Zero Day Vulnerability disclosedon December 9, 2021 (CVE-2021-44228). Log4j2 affects the Apache Log4j 2 project and any systems which have deployed the library into an application. Our operations team performed a comprehensive review of internal systems and support applications to update or patch any affected systems. Updates on the review results have been posted to this thread. We continue to actively monitor the situation. The majority of Crownpeak’s products were not affected by the Log4j2 Zero Day Vulnerability, as they are not written in Java, or do not use the Log4j library.  The small subset of Crownpeak’s product components which leverage the Log4j library were affected have been identified and patched to eliminate the risk of exploit. Specific product details are listed below.  Crownpeak will be continuing to monitor our systems as well as third party components related to this situation closely and report any additional updates.   DXM – Hybrid Headless CMS  No exposure in the Windows hosting environmentThe core Java install on standard Linux hosting environments was... View full report