Security Advisories

Salesforce Trust

Security Advisories

Salesforce is committed to setting the standard in software-as-a-service as an effective partner in customer security.

Recent Security Advisories

From time to time it is important we notify customers with security advisories related to the Salesforce platform or subsidiaries. We will publish security advisories below.

Date	Type	Subject	Nature of Attack
11/28/2018	Email Scam	Phishing Campaign	Salesforce-themed phishing campaign
10/5/2018	Vulnerability	Salesforce Security Vulnerability	Security vulnerability impact on Salesforce Sites and Communities
9/21/2018	Vulnerability	Twitter Account Activity API	Vulnerability of Twitter Account Activity API
9/18/2018	Vulnerability	'Apache Struts' vulnerabilities	Vulnerability affecting a wide range of web services.
5/9/2018	Email Scam	Payment was returned	Email purporting to be from Salesforce to request a wire transfer of money to a bank account that is not owned/operated by Salesforce.
3/5/2018	Vulnerability	SAML Vulnerabilities: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal	Vulnerability affecting a wide range of SAML libraries.
1/4/2018	Vulnerability	Spectre/Meltdown Vulnerabilities	Vulnerability affecting a wide range of computer processors.
6/28/2017	Vulnerability/Ransomware	MS17-010 Vulnerability (AKA EternalBlue)	Malware leveraging MS17-010 (AKA EternalBlue) Vulnerability
6/21/2017	Malware	TrickBot / The Trick	Malware may target Salesforce Users.
5/15/2017	Ransomware	WannaCry Ransomware	Ransomware targeting Windows "Eternal Blue" vulnerability.
5/3/2017	Email Scam	Google Docs Phishing Campaign	Google Docs invitation containing a phishing link.
2/27/2017	Service Provider Vulnerability	Cloudflare Vulnerability	Cloudflare, an embedded content delivery network and internet security services provider, disclosed a security vulnerability in their edge servers, which could expose information such as HTTP cookies, authentication tokens, and HTTP POST bodies.
8/18/2016	Email Scam	Your SSL Certificate has expired	Email that provides a link to download a file that contains malicious software.
7/19/2016	Email Scam	Your SSL Certificate has expired	Email that provides a link to download a file that contains malicious software.
2/21/2016	Email Scam	EMAIL BLACKLISTED...	Email containing links to phishing sites purporting to be salesforce.com.

For security-related questions, information, or reporting, contact security by emailing security@salesforce.com.

Contact Security

Salesforce.com | | Careers | Privacy Policy | Site Map

We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. You can read more and make your cookie choices here. By continuing to use this site you are giving us your consent to do this.

We have restored administrators' access to all affected orgs. We have prepared a set of instructions for admins that may need guidance on how to manually restore those user permissions. We notified admins via an email that contained a link to the instructions. Click here for Sandbox instances

We have restored administrators' access to all affected orgs. We have prepared a set of instructions for admins that may need guidance on how to manually restore those user permissions. We notified admins via an email that contained a link to the instructions.
Click here for Sandbox instances