The analysts at usd HeroLab examined the popular open-source web server Apache Tomcat as part of their security analyses. Two vulnerabilities were...
Security Analysis
Deploying Files via Group Policies or How Group Policy Updates Can Ruin Your Day
During a workstation assessment at the beginning of 2021, usd HeroLab analysts identified a trivial privilege escalation vulnerability occurring...
Security Advisories for CA Harvest
The analysts at usd HeroLab examined the CA Harvest Software Change Manager as part of their security analyses. This revealed a vulnerability in the...
Security Advisories for Apache Karaf <=4.3.2
The analysts at usd HeroLab examined the Apache Karaf software as part of their security analyses. This revealed a vulnerability in the...
Security Advisories for FileCloud < v21.3
The usd HeroLab analysts identified cross-site request forgery (CSRF) vulnerabilities in FileCloud's enterprise file sharing solution while...
Next Level Reporting: Our New Test Report Ensures Transparent and Comprehensible Pentest Results
A meaningful result is an essential part of a thorough security analysis. The majority of pentest result reports focus on the identified...
Security Advisory on Micro Focus HPE Operations Agent 12.04.006
Our HeroLab analysts have performed a security analysis on the product HPE Operations Agent by Micro Focus. They identified an XXE (XML eXternal...
Security Advisory for Zulip <= v4.7
Our HeroLab analysts have performed a security analysis on the open-source collaboration software Zulip. They identified a server-side request...
Security Advisory for Thruk Monitoring < v2.46.3
Our analysts at usd HeroLab have examined the Thruk monitoring web interface (for e.g. Naemon, Nagios or Icinga) during their security analysis. A...
Security Advisory for Grafana < v8.1.3
Our analysts at usd HeroLab discovered security vulnerabilities in Grafana's input validation while performing their pentests. Through these...
Software Security: Static Code Analysis
In practice, it is not an easy task for manufacturers to continuously integrate a strong security mindset into complex software projects. In our...
Software Security: Requirement and Threat Analysis
In practice, it is not an easy task for manufacturers to continuously integrate a strong security mindset into complex software projects. In our...




