Security Advisories

 

In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as is building up a security community to promote an exchange of knowledge. After all, more security can only be achieved if many people take on the task.

Our CST Academy and the usd HeroLab are essential parts of our security mission. We share the knowledge we gain in our practical work and our research through training courses and publications. In this context, the usd HeroLab publishes a series of papers on current vulnerabilities and security issues, always in line with our Responsible Disclosure Policy.

Always in the name of our mission: “more security”.

Below you will find the Security Advisories of the last months:

05/2024

usd-2023-0008 | WeKan

Product: WeKan
Vulnerability Type: Broken Access Control (CWE-284)

More details: usd-2023-0008

04/2024

usd-2024-0002 | Gambio
Product: Gambio
Vulnerability Type: Weak Password Recovery Mechanism for Forgotten Password (CWE-640)

More details: usd-2024-0002

03/2024

usd-2023-0029 | SONIX Technology Webcam

Product: SONIX Technology Webcam
Vulnerability Type: Incorrect Permission Assignment for Critical Resource (CWE-732)

More details: usd-2023-0029

usd-2023-0038 | SAP

Product: SAP Fiori Sample Shop
Vulnerability Type: Improper Access Control (CWE-284)

More details: usd-2023-0038

02/2024

usd-2023-0027 | FileCloud

Product: FileCloud Drive
Vulnerability Type: Dependency on Vulnerable Third-Party Component (CWE-1395)

More details: usd-2023-0027

usd-2023-0009 | Zimperium

Product: Zimperium Mobile Threat Defense
Vulnerability Type: Improper Verification of Cryptographic Signature (CWE-347)

More details: usd-2023-0009

01/2024

usd-2023-0046 (CVE-2024-23759) | Gambio

Product: Gambio
Vulnerability Type: Deserialization of Untrusted Data (CWE-502)

More details: usd-2023-0046

usd-2023-0047 (CVE-2024-23763) | Gambio

Product: Gambio
Vulnerability Type: SQL Injection (CWE-89)

More details: usd-2023-0047

usd-2023-0048 (CVE-2024-23761) | Gambio

Product: Gambio
Vulnerability Type: Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336)

More details: usd-2023-0048

usd-2023-0049 (CVE-2024-23762) | Gambio

Product: Gambio
Vulnerability Type: Unrestricted Upload of File with Dangerous Type (CWE-434)

More details: usd-2023-0049

usd-2023-0050 (CVE-2024-23760) | Gambio

Product: Gambio
Vulnerability Type: Plaintext Storage of Password (CWE-256)

More details: usd-2023-0050

12/2023

usd-2022-0066 (CVE-2023-23634) | Documize

Product: Documize
Vulnerability Type: SQL Injection (CWE-89)

More details: usd-2022-0066

usd-2022-0065 (CVE-2023-23633) | Documize

Product: Documize
Vulnerability Type: Broken Access Control (CWE-284)

More details: usd-2022-0065

usd-2021-0033 (CVE-2022-1274) | Keycloak

Product: Keycloak
Vulnerability Type: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

More details: usd-2021-0033

usd-2022-0029 | Filerun

Product: Filerun
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0029

usd-2022-0064 (CVE-2022-47532) | Filerun

Product: Filerun
Vulnerability Type: SQL Injection (CWE-89)

More details: usd-2022-0064

usd-2022-0051 (CVE-2023-31292) | Planfocus

Product: Planfocus
Vulnerability Type: Insufficient Session Expiration (CWE-613)

More details: usd-2022-0051

usd-2022-0052 (CVE-2023-31294) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Neutralization of Formula Elements in a CSV File (CWE-1236)

More details: usd-2022-0052

usd-2022-0053 (CVE-2023-31295) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Neutralization of Formula Elements in a CSV File (CWE-1236)

More details: usd-2022-0053

usd-2022-0054 (CVE-2023-31296) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Neutralization of Formula Elements in a CSV File (CWE-1236)

More details: usd-2022-0054

usd-2022-0055 (CVE-2023-31299) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2022-0055

usd-2022-0056 (CVE-2023-31302) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2022-0056

usd-2022-0057 (CVE-2023-31300) | Planfocus

Product: Planfocus
Vulnerability Type: Weak Password Recovery Mechanism for Forgotten Password (CWE-640)

More details: usd-2022-0057

usd-2022-0058 (CVE-2023-31297) | Planfocus

Product: Planfocus
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0058

usd-2022-0059 (CVE-2023-31301) | Planfocus

Product: Planfocus
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0059

usd-2022-0060 (CVE-2023-31298) | Planfocus

Product: Planfocus
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0060

usd-2022-0061 (CVE-2023-31293) | Planfocus

Product: Planfocus
Vulnerability Type: Improper Access Control (CWE-284)

More details: usd-2022-0061

usd-2023-0032 (CVE-2023-43057) | IBM QRadar SIEM

Product: IBM QRadar SIEM
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2023-0032

11/2023

usd-2023-0025 (CVE-2023-45878) | Gibbon Edu

Product: Gibbon Edu
Vulnerability Type: Arbitrary File Write (CWE-434)

More details: usd-2023-0025

usd-2023-0024 (CVE-2023-45881) | Gibbon Edu

Product: Gibbon Edu
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2023-0024

usd-2023-0022 (CVE-2023-45880) | Gibbon Edu

Product: Gibbon Edu
Vulnerability Type: Path-Traversal (CWE-23)

More details: usd-2023-0022

usd-2023-0019 (CVE-2023-45879) | Gibbon Edu

Product: Gibbon Edu
Vulnerability Type: HTML Injection (CWE-79)

More details: usd-2023-0019

10/2023

usd-2023-0015 | SuperWebMailer

Product: SuperWebMailer
Vulnerability Type: Improper Neutralization of Special Elements used in a Command (CWE-77)

More details: usd-2023-0015

usd-2023-0014 | SuperWebMailer

Product: SuperWebMailer
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (CWE-89)

More details: usd-2023-0014

usd-2023-0013 | SuperWebMailer

Product: SuperWebMailer
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2023-0013

usd-2023-0012 | SuperWebMailer

Product: SuperWebMailer
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2023-0012

usd-2023-0011 | SuperWebMailer

Product: SuperWebMailer
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2023-0011

usd-2023-0020 | Contao

Product: Contao
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2023-0020

09/2023

usd-2023-0017 | SAP Partner Portal

Product: SAP Partner Portal
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)

More details: usd-2023-0017

usd-2022-0046 | SAP HTTP Content Server

Product: SAP HTTP Content Server
Vulnerability Type: Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644)

More details: usd-2022-0046

08/2023

usd-2023-0010 | ThingsBoard UI

Product: ThingsBoard UI
Vulnerability Type: Server-Side Template Injection (CWE-1336)

More details: usd-2023-0010

usd-2023-0002 | tine Groupware

Product: tine Groupware
Vulnerability Type: SQL-Injection (CWE-89)

More details: usd-2023-0002

usd-2022-0028 | Windows Admin Center

Product: Windows Admin Center
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0028

07/2023

usd-2023-0004 | MultiTech Conduit AP MTCAP2-L4E1

Product: MultiTech Conduit AP MTCAP2-L4E1
Vulnerability Type: CSRF (CWE-352)

More details: usd-2023-0004

06/2023

usd-2022-0014 | Foswiki

Product: Foswiki
Vulnerability Type: Path Traversal (CWE-23)

More details: usd-2022-0014

usd-2022-0011 | Foswiki

Product: Foswiki
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0011

05/2023

usd-2022-0048 (CVE-2022-45144) | Tracim

Product: Tracim
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0048

04/2023

usd-2022-0034 (CVE-2022-37955) | Microsoft Windows

Product: Microsoft Windows
Vulnerability Type: Improper Link Resolution Before File Access (CWE-59) - Privilege Escalation

More details: usd-2022-0034

03/2023

usd-2022-0049 | Friendica
Product: Friendica
Vulnerability Type: Cross-Site Request Forgery (CSRF) (CWE-352)

More details: usd-2022-0049

usd-2022-0050 | Friendica
Product: Friendica
Vulnerability Type: Cross-Site Scripting (CWE-79)

More details: usd-2022-0050

usd-2023-0001 | Friendica
Product: Friendica
Vulnerability Type: Cross-Site Request Forgery (CSRF) (CWE-352)

More details: usd-2023-0001

usd-2022-0002 | NCP Secure Enterprise Client
Product: NCP Secure Enterprise Client
Vulnerability Type: Arbitrary File Delete

More details: usd-2022-0002

usd-2022-0003 | NCP Secure Enterprise Client
Product: NCP Secure Enterprise Client
Vulnerability Type: Arbitrary File Read

More details: usd-2022-0003

usd-2022-0004 | NCP Secure Enterprise Client
Product: NCP Secure Enterprise Client
Vulnerability Type: Insecure File Permissions

More details: usd-2022-0004

usd-2022-0005 | NCP Secure Enterprise Client
Product: NCP Secure Enterprise Client
Vulnerability Type: Insecure Registry Export

More details: usd-2022-0005

usd-2022-0006 | NCP Secure Enterprise Client
Product: NCP Secure Enterprise Client
Vulnerability Type: Privilege Escalation

More details: usd-2022-0006

02/2023

usd-2022-0032 | Seafile

Product: Seafile
Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

More details: usd-2022-0032

usd-2022-0033 | Seafile

Product: Seafile
Vulnerability Type: URL Redirection to Untrusted Site (CWE-601)

More details: usd-2022-0033

01/2023

usd-2022-0030 | Jellyfin

Product: Jellyfin
Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

More details: usd-2022-0030

usd-2022-0031 | Jellyfin

Product: Jellyfin
Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

More details: usd-2022-0031