Zuora is aware of two recently reported vulnerabilities known as Meltdown and Spectre which are affecting wide range of computer processors. Exploitation of these two vulnerabilities can allow a rogue process on the same device to perform unauthorized reads of memory data. This issue is detailed in the following Common Vulnerabilities and Exposures (CVE) bulletins CVE-2017-5753, CVE-2017-5715, CVE-2017-5754
As is the case for several other service providers, Zuora’s infrastructure uses operating systems that are impacted by these vulnerabilities. Zuora has taken steps to remediate these vulnerabilities as quickly as possible by applying the necessary security patches. At this time, there is no known impact to our Customer data because of these vulnerabilities. We will continue to monitor the issue and provide updates as necessary.