Security alerts and tips

Last update - June 2018

 

Amadeus takes security very seriously and works hard to protect customer data. In this section you will find good security practices, as well as alerts and tips that will be helpful when using Amadeus solutions and services online.
 

January 29th, 2015 - "Ghost" vulnerability

On January 27 2015, Amadeus was made aware of the new vulnerability named "Ghost" which has been assigned the unique CVE-2015-0235.

The Ghost vulnerability is a weakness in the Linux glibc library that allows a attackers to remotely take control of the victim's system.

Amadeus is carrying out investigations in order to mitigate any perceived risk. As this vulnerability is on system level and only affects the party running the Operating System, it is advised that customers carry out their own investigation within their own environment.
 

October 17th, 2014 - Poodle attack vulnerability

We can confirm that connections to Amadeus eTravel Management are susceptible to the new SSL 3 - also known as "Poodle" - attack. Amadeus is currently investigating possible server-side mitigations and working to prioritize the decommissioning of SSL 3 on the servers.

Note that the Poodle attack requires a Man-in-the-Middle attacker. In order to avoid such a situation, we recommend all users to avoid using Amadeus eTravel Management on public and unsecured Wi-Fi connections.

Relevant links:

https://technet.microsoft.com/en-us/library/security/3009008.aspx
 

September 29th, 2014 - "Shellshock" vulnerability

Amadeus has been actively working on diagnosing its systems with respect to the Bash vulnerability (CVE-2014-6271,CVE-2014-7169) since it was discovered.

Remedial actions are being taken to protect our systems and patches are being applied - with priority given to the most urgent matters - as soon as they are available from our vendors.

Our Security Operation Center is constantly monitoring our systems for any unusual activity and is able to identify and mitigate against potential attacks.
 

April 28th, - Microsoft Internet Explorer Use-After-Free vulnerability guidance

In relation to the recent Internet Explorer security vulnerability, we advise all users that use Internet Explorer to be extra careful while browsing as Microsoft works on a patch to resolve this issue.

Customers using Internet Explorer for Amadeus products should not be affected, though we urge caution when navigating away from trusted sites and using Internet Explorer.

As good security practice, we advise to use an up-to-date anti-virus solution along with keeping your software updated at all times.

Relavant links

http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being

http://www.theregister.co.uk/2014/04/27/oops_we_did_it_again_microsoft_warns_of_ie_zero_day/