Security Advisories
In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as building up a security community to promote an exchange of knowledge. After all, more security can only be achieved if many people take on the task.
Our CST Academy and the HeroLab are essential parts of our security mission. We share the knowledge we gain in our practical work and our research through training courses and publications.
In this context, the usd HeroLab publishes a series of papers on current vulnerabilities and security issues.
Always in the name of our mission: “more security.”
Below you will find our latest security advisories:
01/2019
usd-2018-0032.txt
Product: Riverbed SteelCentral AppResponse, Affected Version: 9.6
Vulnerability Type: Reflected Cross-Site-Scripting Vulnerability
usd-2018-0034.txt
Product: Dropbear, Affected Version: current master branch (commit cb945f9f670e95305c7c5cc5ff344d1f2707b602)
Vulnerability Type: Username Enumeration
usd-2018-0035.txt
Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data
usd-2018-0036.txt
Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data
usd-2018-0037.txt
Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data
usd-2018-0038.txt
Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data
12/2018
usd-2018-0024.txt
Product: Shpock App, Affected Version: Shpock App for Android & iPhone
Vulnerability Type: Username Enumeration
usd-2018-0025.txt (CVE-2018-7750)
Product: SEP sesam, Affected Version: 4.4.3.61
Vulnerability Type: Authentication Bypass
usd-2018-0026.txt (CVE-2018-18245)
Product: Nagios Core, Affected Version: 4.4.2
Vulnerability Type: Stored XSS
usd-2018-0027.txt (CVE-2018-18246)
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: CSRF
usd-2018-0028.txt (CVE-2018-18248)
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Reflected XSS
usd-2018-0029.txt (CVE-2018-18247)
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Stored XSS
usd-2018-0030.txt (CVE-2018-18249, CVE-2018-18250)
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Denial of Service, Sensitive Data disclosure
usd-2018-0031.txt (CVE-2018-13376)
Product: Fortigate 900D, Affected Version: FW: V. 5.6.2 Build 1486 (GA)
Vulnerability Type: Sensitive Data disclosure
11/2018
usd-2018-0023.tx (CVE-2018-1000805)
Product: Paramiko, Affected Version: 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6
Vulnerability Type: Authentication Bypass
usd-2018-0021.txt (CVE-2018-15498)
Product: SafeQ Pro SmartCard v2, Affected Version: V2
Vulnerability Type: Replay Attack
usd-2018-0020.txt (CVE-2018-18473)
Product: Patlite, Affected Version: NBM-D88N, Patlite NHL-3FB1, Patlite NHL-3FV1N
Vulnerability Type: Backdoor
07/2018
usd-2018-0013.txt
Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control
usd-2018-0014.txt
Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control
usd-2018-0015.txt
Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control
usd-2018-0016.txt
Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Denial of Service
usd-2018-0017.txt
Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Broken Authentication
06/2018
usd-2018-0006.txt
Product: FirstSpirit SiteArchitect, Affected Version: 5.2, Vulnerability Type: Path Traversal
usd-2018-0012.txt
Product: FirstSpirit SiteArchitect, Affected Version: 5.2, Vulnerability Type: Improper Access Control
usd-2018-0019.txt (CVE-2018-6462)
Product: Pdf-Xchange Viewer, Affected Version: 2.5.322.7 and earlier, Vulnerability Type: Heap Overflow
05/2018
usd-2018-0001.txt
Product: Starface, Affected Version: 6.4.3.34, Vulnerability Type: Reflected XSS
usd-2018-0002.txt
Product: Starface, Affected Version: 6.4.3.34, Vulnerability Type: Language Expression Injection
usd-2018-0003.txt
Product: Starface, Affected Version: 6.4.3.34, Vulnerability Type: SQL Injection
usd-2018-0004.txt
Product: Starface, Affected Version: 6.4.3.34, Vulnerability Type: Cross-site request forgery
usd-2018-0018.txt
Product: Projektron BCS, Affected Version: All versions before 7.38.45, Vulnerability Type: Reflected XSS