{"id":16345,"date":"2021-07-05T14:00:00","date_gmt":"2021-07-05T12:00:00","guid":{"rendered":"https:\/\/herolab-usd.formwandler.rocks\/security-advisory-06-21\/"},"modified":"2021-07-21T17:43:05","modified_gmt":"2021-07-21T15:43:05","slug":"security-advisory-06-21","status":"publish","type":"post","link":"https:\/\/herolab.usd.de\/en\/security-advisory-06-21\/","title":{"rendered":"Security Advisory 06\/2021"},"content":{"rendered":"\n<p>The usd HeroLab pentesters identified vulnerabilities in products from Microsoft and RabbitMQ while conducting their security analyses. In close cooperation with the manufacturers, usd AG supports the successful elimination of the security vulnerabilities. Specifically, the vulnerability categories are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Cross-site Scripting (XSS)<\/li><li>Server-Side Request Forgery (SSRF)<\/li><\/ul>\n\n\n\n<p>The disclosure of vulnerabilities is made in accordance with usd HeroLab's&nbsp;<a href=\"\/en\/responsible-disclosure\/\" class=\"rank-math-link\">Responsible Disclosure Policy<\/a>. For detailed technical information about the identified security vulnerabilities, please refer to our list of&nbsp;<a href=\"\/en\/security-advisories\/\" class=\"rank-math-link\">advisories<\/a>.<\/p>\n\n\n\n<p><strong>About usd HeroLab Security Advisories<\/strong><\/p>\n\n\n\n<p>In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as is building up a security community to promote an exchange of knowledge. 
After all, more security can only be achieved if many people take on the task.<\/p>\n\n\n\n<p>We analyze attack scenarios, which are changing constantly, and publish a series of Security Advisories on current vulnerabilities and security issues \u2013 always in line with our&nbsp;<a href=\"\/en\/responsible-disclosure\/\" class=\"rank-math-link\">Responsible Disclosure Policy<\/a>.<\/p>\n\n\n\n<p>Always in the name of our mission: \u201cmore security.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The usd HeroLab pentesters identified vulnerabilities in products from Microsoft and RabbitMQ while conducting their security analyses. In close cooperation with the manufacturers, usd AG supports the successful elimination of the security vulnerabilities. Specifically, the vulnerability categories are as follows: Cross-site Scripting (XSS) Server-Side Request Forgery (SSRF) The disclosure of vulnerabilities is made in accordance [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"<!-- wp:paragraph -->\n<p>The usd HeroLab pentesters identified vulnerabilities in products from Microsoft and RabbitMQ while conducting their security analyses. In close cooperation with the manufacturers, usd AG supports the successful elimination of the security vulnerabilities. Specifically, the vulnerability categories are as follows:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:list -->\n<ul><li>Cross-Site Scripting (XSS)<\/li><li>Server-Side Request Forgery (SSRF)<\/li><\/ul>\n<!-- \/wp:list -->\n\n<!-- wp:paragraph -->\n<p>The vulnerabilities are disclosed in accordance with the usd HeroLab&nbsp;<a href=\"\/responsible-disclosure\/\">Responsible Disclosure Policy<\/a>. 
For detailed technical information, please refer to our&nbsp;<a href=\"\/security-advisories\/\">Advisories<\/a>.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p><strong>About usd HeroLab Security Advisories<\/strong><\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as building up a security community to promote an exchange of knowledge. After all, more security can only be achieved if many people make it their task.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>We analyze attack scenarios, which are changing constantly, and in this context publish a series of Security Advisories on current vulnerabilities and security issues \u2013 always in line with the principles of our&nbsp;<a href=\"\/responsible-disclosure\/\">Responsible Disclosure Policy<\/a>.<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>Always in the name of our mission: \u201cmore security.\u201d<\/p>\n<!-- \/wp:paragraph 
-->","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[76,85],"tags":[],"class_list":["post-16345","post","type-post","status-publish","format-standard","hentry","category-news","category-security-advisories-en"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/posts\/16345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=16345"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/posts\/16345\/revisions"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=16345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/categories?post=16345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/tags?post=16345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}