The default shipping configuration of Teamwork Cloud is not a hardened configuration. When hardening an installation, some variables can render the installation inoperative, such as incompatibility of the supported ciphers in a certificate and the supported ciphers in the hardened configuration. Furthermore, the default configurations assume that the deployment is behind a secure infrastructure, and therefore required ports are globally allowed.

Since some of Teamwork Cloud's infrastructure relies on available components, newly discovered vulnerabilities need to be mitigated during the life-cycle of the installation.

The sections below cover potentially exploitable vulnerabilities of the different components, as well as various steps to mitigate them depending on the policies of the deploying organization.