Security News > 2023 > December > 3CX warns customers to disable SQL database integrations

3CX warns customers to disable SQL database integrations
2023-12-15 17:30

VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability.

Although the security advisory released today lacks any specific information regarding the issue, it advises customers to take preventive measures by disabling their MongoDB, MsSQL, MySQL, and PostgreSQL database integrations.

"If you're using an SQL Database integration it's subject potentially to a vulnerability - depending upon the configuration," 3CX's chief information security officer Pierre Jourdan said.

As later discovered by cybersecurity firm Mandiant, the 3CX hack resulted from another supply chain attack that impacted the Trading Technologies stock trading automation company.

3CX says its Phone System has over 12 million daily users and is used by more than 350,000 businesses worldwide, including high-profile organizations and companies such as Air France, the UK's National Health Service, PepsiCo, American Express, Coca-Cola, IKEA, and multiple automakers.

3CX didn't reply to a request for comment when BleepingComputer reached out earlier today.


News URL

https://www.bleepingcomputer.com/news/security/3cx-warns-customers-to-disable-sql-database-integrations/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
3CX 6 0 16 8 6 30