Earlier this week, a vulnerability identified as CVE-2015-3456, also referred to as VENOM, was announced. This vulnerability impacts virtualized platforms running virtual floppy drive code and can be exploited to access the host system and other virtualized machines running on that same host.
Currently, the OneLogin service runs mostly on "bare metal" or non-virtualized environments, and therefore most of our systems were not subject to this vulnerability. For the virtualized systems we do employ, we received confirmation from our vendor that they were not impacted by this vulnerability and leveraged our monitoring tools to verify this.
We will continue to monitor developments around this vulnerability and update this article as needed.