We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.
Security Advisories
Salesforce is committed to setting the standard in software-as-a-service as an effective partner in customer security.
Recent Security Advisories
From time to time it is important we notify customers with security advisories related to the Salesforce platform or subsidiaries. We will publish security advisories below.
Date | Type | Subject | Nature of Attack |
|---|---|---|---|
Email Scam | Phishing Campaign | Salesforce-themed phishing campaign | |
Vulnerability | Salesforce Security Vulnerability | Security vulnerability impact on Salesforce Sites and Communities | |
Vulnerability | Twitter Account Activity API | Vulnerability of Twitter Account Activity API | |
Vulnerability | 'Apache Struts' vulnerabilities | Vulnerability affecting a wide range of web services. | |
Email Scam | Payment was returned | Email purporting to be from Salesforce to request a wire transfer of money to a bank account that is not owned/operated by Salesforce. | |
Vulnerability | SAML Vulnerabilities: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal | Vulnerability affecting a wide range of SAML libraries. | |
Vulnerability | Spectre/Meltdown Vulnerabilities | Vulnerability affecting a wide range of computer processors. | |
Vulnerability/Ransomware | MS17-010 Vulnerability (AKA EternalBlue) | Malware leveraging MS17-010 (AKA EternalBlue) Vulnerability | |
Malware | TrickBot / The Trick | Malware may target Salesforce Users. | |
Ransomware | WannaCry Ransomware | Ransomware targeting Windows "Eternal Blue" vulnerability. | |
Email Scam | Google Docs Phishing Campaign | Google Docs invitation containing a phishing link. | |
Service Provider Vulnerability | Cloudflare Vulnerability | Cloudflare, an embedded content delivery network and internet security services provider, disclosed a security vulnerability in their edge servers, which could expose information such as HTTP cookies, authentication tokens, and HTTP POST bodies. | |
Email Scam | Your SSL Certificate has expired | Email that provides a link to download a file that contains malicious software. | |
Email Scam | Your SSL Certificate has expired | Email that provides a link to download a file that contains malicious software. | |
Email Scam | EMAIL BLACKLISTED... | Email containing links to phishing sites purporting to be salesforce.com. |
For security-related questions, information, or reporting, contact security by emailing security@salesforce.com.
Contact SecuritySecurity Notifications
Security notifications provide information about security-related issues involving the Salesforce platform or a specific customer instance.
Security Advisory
This type of notification is available for all Salesforce end users. These are broadly distributed security notifications about a security issue relevant to all Salesforce customers. Notification options include Email.
Security Alerts
This type of notification is only available to admins of Salesforce orgs. These are security notifications about possible suspicious activity involving a specific customer’s Salesforce instance that require further investigation by your organization. Notification options include email.
Security Incident
This type of notification is only available to admins of Salesforce orgs. These are security notifications about a confirmed or reasonably suspected breach of data hosted on Salesforce. Notification options include phone and email.