Security Advisories

In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as is building up a security community to promote an exchange of knowledge. After all, more security can only be achieved if many people take on the task.

Our CST Academy and the HeroLab are essential parts of our security mission. We share the knowledge we gain in our practical work and our research through training courses and publications.

In this context, the usd HeroLab publishes a series of papers on current vulnerabilities and security issues.

Always in the name of our mission: “more security.”

Below you will find our latest security advisories:

01/2019

usd-2018-0032.txt
Product: Riverbed SteelCentral AppResponse, Affected Version: 9.6
Vulnerability Type: Reflected Cross-Site-Scripting Vulnerability

usd-2018-0034.txt
Product: Dropbear, Affected Version: current master branch (commit cb945f9f670e95305c7c5cc5ff344d1f2707b602)
Vulnerability Type: Username Enumeration

usd-2018-0035.txt
Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

usd-2018-0036.txt
Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

usd-2018-0037.txt
Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

usd-2018-0038.txt
Product: Cisco Unified Communications Manager, Affected Version: 11.5.1.15900-18 (likely in all versions)
Vulnerability Type: Exposure of Sensitive Configuration Data

12/2018

usd-2018-0024.txt
Product: Shpock App, Affected Version: Shpock App for Android & iPhone
Vulnerability Type: Username Enumeration

usd-2018-0025.txt (CVE-2018-7750)
Product: SEP sesam, Affected Version: 4.4.3.61
Vulnerability Type: Authentication Bypass

usd-2018-0026.txt (CVE-2018-18245)
Product: Nagios Core, Affected Version: 4.4.2
Vulnerability Type: Stored XSS

usd-2018-0027.txt (CVE-2018-18246)
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: CSRF

usd-2018-0028.txt (CVE-2018-18248)
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Reflected XSS

usd-2018-0029.txt (CVE-2018-18247)
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Stored XSS

usd-2018-0030.txt (CVE-2018-18249, CVE-2018-18250)
Product: Icinga Web 2, Affected Version: 2.6.1
Vulnerability Type: Denial of Service, Sensitive Data disclosure

usd-2018-0031.txt (CVE-2018-13376)
Product: Fortigate 900D, Affected Version: FW: V. 5.6.2 Build 1486 (GA)
Vulnerability Type: Sensitive Data disclosure

11/2018

usd-2018-0023.txt (CVE-2018-1000805)
Product: Paramiko, Affected Version: 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6
Vulnerability Type: Authentication Bypass

usd-2018-0021.txt (CVE-2018-15498)
Product: SafeQ Pro SmartCard v2, Affected Version: V2
Vulnerability Type: Replay Attack

usd-2018-0020.txt (CVE-2018-18473)
Product: Patlite, Affected Version: NBM-D88N, Patlite NHL-3FB1, Patlite NHL-3FV1N
Vulnerability Type: Backdoor

07/2018

usd-2018-0013.txt
Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control

usd-2018-0014.txt
Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control

usd-2018-0015.txt
Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Improper Access Control

usd-2018-0016.txt
Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Denial of Service

usd-2018-0017.txt
Product: Lexware professional 2017, Affected Version: 17.02
Vulnerability Type: Broken Authentication

06/2018

usd-2018-0006.txt
Product: FirstSpirit SiteArchitect, Affected Version: 5.2
Vulnerability Type: Path Traversal

usd-2018-0012.txt
Product: FirstSpirit SiteArchitect, Affected Version: 5.2
Vulnerability Type: Improper Access Control

usd-2018-0019.txt (CVE-2018-6462)
Product: Pdf-Xchange Viewer, Affected Version: 2.5.322.7 and earlier
Vulnerability Type: Heap Overflow

05/2018

usd-2018-0001.txt
Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: Reflected XSS

usd-2018-0002.txt
Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: Language Expression Injection

usd-2018-0003.txt
Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: SQL Injection

usd-2018-0004.txt
Product: Starface, Affected Version: 6.4.3.34
Vulnerability Type: Cross-Site Request Forgery

usd-2018-0018.txt
Product: Projektron BCS, Affected Version: All versions before 7.38.45
Vulnerability Type: Reflected XSS