{"id":11667,"date":"2021-05-25T15:15:43","date_gmt":"2021-05-25T13:15:43","guid":{"rendered":"https:\/\/usd.formwandler.rocks\/meldung-bug-oder-schwachstelle\/"},"modified":"2022-04-13T16:34:22","modified_gmt":"2022-04-13T14:34:22","slug":"report-a-vulnerability-or-bug","status":"publish","type":"page","link":"https:\/\/www.usd.de\/en\/report-a-vulnerability-or-bug\/","title":{"rendered":"Report a vulnerability or bug"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0px||0px||true|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" width=\"100%\" custom_padding=\"0px||||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" text_text_color=\"#FFFFFF\" text_font_size=\"30px\" text_line_height=\"1.2em\" header_font=\"Roboto||||||||\" header_text_color=\"#F07F1D\" header_font_size=\"50px\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-header-schwachstellenmeldung.jpg\" custom_margin=\"-31px||0px||false|false\" custom_padding=\"166px|39px|62px|39px|false|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h1 class=\"x-text-content-text-primary\" style=\"text-align: center\">Report a usd<br \/>vulnerability or bug<\/h1>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" 
custom_margin=\"|0px|24px|0px|false|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p><span>We make every effort to ensure the security of our websites, platforms and IT infrastructure components. Nevertheless, it may happen that you discover a weakness or bug in our systems. In this case we ask that you handle the vulnerability responsibly and report it to us for correction. For this purpose we have implemented a dedicated process below.<\/span><\/p>\n<h2>Disclosure guideline<\/h2>\n<p><span>We aim to fix reported vulnerabilities or bugs within 60 days. If the vulnerability is found in a third-party component, we will contact the responsible parties to arrange for its remediation. The following rules apply for reporting vulnerabilities and bugs:<\/span><\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<table border=\"0\" style=\"border-collapse: collapse;width: 100%;padding: 0px;border: none;border-width: 0px;height: 23px\">\n<tbody>\n<tr style=\"height: 23px\">\n<td style=\"width: 3%;padding-left: 5px;padding-right: 0px;border: none;border-width: 0px;vertical-align: top;height: 23px\"><i class=\"fas fa-angle-right\"><\/i><\/td>\n<td style=\"width: 97%;padding-left: 10px;padding-right: 0px;padding-top: 0px;border: none;border-width: 0px;height: 23px\">We do not pay premiums for reported vulnerabilities.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<table border=\"0\" style=\"border-collapse: collapse;width: 100%;padding: 0px;border: none;border-width: 0px;height: 23px\">\n<tbody>\n<tr style=\"height: 23px\">\n<td style=\"width: 3%;padding-left: 5px;padding-right: 0px;border: none;border-width: 0px;vertical-align: top;height: 23px\"><i class=\"fas fa-angle-right\"><\/i><\/td>\n<td 
style=\"width: 97%;padding-left: 10px;padding-right: 0px;padding-top: 0px;border: none;border-width: 0px;height: 23px\">Vulnerabilities may only be published in agreement with usd AG.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<table border=\"0\" style=\"border-collapse: collapse;width: 100%;padding: 0px;border: none;border-width: 0px;height: 23px\">\n<tbody>\n<tr style=\"height: 23px\">\n<td style=\"width: 3%;padding-left: 5px;padding-right: 0px;border: none;border-width: 0px;vertical-align: top;height: 23px\"><i class=\"fas fa-angle-right\"><\/i><\/td>\n<td style=\"width: 97%;padding-left: 10px;padding-right: 0px;padding-top: 0px;border: none;border-width: 0px;height: 23px\">Do not violate applicable law and do not damage or compromise any data of usd and\/or its customers or exploit any confirmed vulnerabilities.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<table border=\"0\" style=\"border-collapse: collapse;width: 100%;padding: 0px;border: none;border-width: 0px;height: 23px\">\n<tbody>\n<tr style=\"height: 23px\">\n<td style=\"width: 3%;padding-left: 5px;padding-right: 0px;border: none;border-width: 0px;vertical-align: top;height: 23px\"><i class=\"fas fa-angle-right\"><\/i><\/td>\n<td style=\"width: 97%;padding-left: 10px;padding-right: 0px;padding-top: 0px;border: none;border-width: 0px;height: 23px\">In vulnerability reports, including any attachments, do not include information that could identify an individual (e.g., name, contact information).<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<table border=\"0\" 
style=\"border-collapse: collapse;width: 100%;padding: 0px;border: none;border-width: 0px;height: 23px\">\n<tbody>\n<tr style=\"height: 23px\">\n<td style=\"width: 3%;padding-left: 5px;padding-right: 0px;border: none;border-width: 0px;vertical-align: top;height: 23px\"><i class=\"fas fa-angle-right\"><\/i><\/td>\n<td style=\"width: 97%;padding-left: 10px;padding-right: 0px;padding-top: 0px;border: none;border-width: 0px;height: 23px\">To help us process vulnerability reports as quickly as possible, please ensure that you explain the steps required to reproduce the vulnerability in detail.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||7px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" custom_margin=\"0px|0px|17px|0px|false|true\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2><span>Legal &amp; Conditions<\/span><\/h2>\n<p>By submitting vulnerabilities and\/or proposed solutions (hereinafter referred to as \u201cfeedback\u201d) to usd AG<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<table border=\"0\" style=\"border-collapse: collapse;width: 100%;padding: 0px;border: none;border-width: 0px;height: 23px\">\n<tbody>\n<tr style=\"height: 23px\">\n<td style=\"width: 3%;padding-left: 5px;padding-right: 0px;border: none;border-width: 0px;vertical-align: top;height: 23px\"><i class=\"fas fa-angle-right\"><\/i><\/td>\n<td style=\"width: 97%;padding-left: 10px;padding-right: 0px;padding-top: 0px;border: none;border-width: 0px;height: 23px\">you agree to avoid 
causing any damage to usd AG and\/or its customers and therefore agree not to disclose any information until a fix and\/or patch has been provided by usd; and<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<table border=\"0\" style=\"border-collapse: collapse;width: 100%;padding: 0px;border: none;border-width: 0px;height: 23px\">\n<tbody>\n<tr style=\"height: 23px\">\n<td style=\"width: 3%;padding-left: 5px;padding-right: 0px;border: none;border-width: 0px;vertical-align: top;height: 23px\"><span class=\"fas fa-angle-right\"><\/span><\/td>\n<td style=\"width: 97%;padding-left: 10px;padding-right: 0px;padding-top: 0px;border: none;border-width: 0px;height: 23px\">you agree that usd AG may use this feedback to update and\/or improve its websites, platforms and IT infrastructure components; and<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<table border=\"0\" style=\"border-collapse: collapse;width: 100%;padding: 0px;border: none;border-width: 0px;height: 23px\">\n<tbody>\n<tr style=\"height: 23px\">\n<td style=\"width: 3%;padding-left: 5px;padding-right: 0px;border: none;border-width: 0px;vertical-align: top;height: 23px\"><i class=\"fas fa-angle-right\"><\/i><\/td>\n<td style=\"width: 97%;padding-left: 10px;padding-right: 0px;padding-top: 0px;border: none;border-width: 0px;height: 23px\">you grant usd AG the right to use your feedback for any purpose without restriction or compensation of any kind with respect to you and\/or your representatives.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" custom_margin=\"76px|0px|3px|0px|false|true\" global_colors_info=\"{}\" 
theme_builder_area=\"post_content\"]<\/p>\n<h2>Have you discovered a vulnerability or bug?<\/h2>\n<p><span>Please inform us according to the guidelines specified above.\u00a0Please use our registration form or contact us directly at<\/span><a href=\"mailto:incident-response-team@usd.de\"><span>\u00a0<\/span><span>incident-response-team@usd.de<\/span><\/a><span>. For encrypted communication via email, we can offer either\u00a0<\/span><a href=\"\/wp-content\/uploads\/smime_incident_response_team_PUBLIC.pfx_.cer\">S\/MIME<\/a><span>\u00a0or\u00a0<\/span><a href=\"\/wp-content\/uploads\/PGP_incident-response-team%40usd.de_Public.asc.txt\">PGP<\/a><span>. For exchanging data via email, we need your certificate or your public PGP key.<\/span><\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"2px|auto||auto||\" custom_padding=\"||59px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_code module_id=\"Formular-grau\" module_class=\"Formular-grau\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f12409-o1\" lang=\"de-DE\" dir=\"ltr\" data-wpcf7-id=\"12409\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/en\/wp-json\/wp\/v2\/pages\/11667#wpcf7-f12409-o1\" method=\"post\" class=\"wpcf7-form init wpcf7-acceptance-as-validation\" aria-label=\"Kontaktformular\" novalidate=\"novalidate\" data-status=\"init\">\n<fieldset class=\"hidden-fields-container\"><input type=\"hidden\" name=\"_wpcf7\" value=\"12409\" \/><input type=\"hidden\" name=\"_wpcf7_version\" value=\"6.1.5\" \/><input type=\"hidden\" name=\"_wpcf7_locale\" value=\"de_DE\" 
\/><input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f12409-o1\" \/><input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/><input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/>\n<\/fieldset>\n<p><label> Title*<br \/>\n<\/label>\n<\/p>\n<p style=\"font-size:14px;font-weight:300;margin-top:-1rem;margin-bottom:0rem\"> Enter a short note or description that helps to identify the vulnerability or bug.\n<\/p>\n<p><span class=\"wpcf7-form-control-wrap\" data-name=\"Titel\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"Titel\" \/><\/span>\n<\/p>\n<p><label> Location*<br \/>\n<\/label>\n<\/p>\n<p style=\"font-size:14px;font-weight:300;margin-top:-1rem;margin-bottom:0rem\"> Enter the components which are affected by the vulnerability or bug.\n<\/p>\n<p><span class=\"wpcf7-form-control-wrap\" data-name=\"fundort\"><textarea cols=\"40\" rows=\"10\" maxlength=\"2000\" class=\"wpcf7-form-control wpcf7-textarea wpcf7-validates-as-required\" aria-required=\"true\" aria-invalid=\"false\" name=\"fundort\"><\/textarea><\/span>\n<\/p>\n<p><label> CVSS Score*<br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"CVSS-Score\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"CVSS-Score\" \/><\/span> <\/label>\n<\/p>\n<p><label>Description of vulnerability*<br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"Beschreibung-der-Schwachstelle\"><textarea cols=\"40\" rows=\"10\" maxlength=\"2000\" class=\"wpcf7-form-control wpcf7-textarea wpcf7-validates-as-required\" aria-required=\"true\" aria-invalid=\"false\" name=\"Beschreibung-der-Schwachstelle\"><\/textarea><\/span> <\/label>\n<\/p>\n<p style=\"font-size:18px\"> Steps to reproduce\n<\/p>\n<p 
style=\"font-size:16px\">Please use our web-based usd exchange platform for the encrypted data exchange, e.g. for the Proof of Concept (PoC).\n<\/p>\n<p style=\"font-size:16px\">You can find a secure data room here: <a href=\"https:\/\/transfer.usd.de\/index.php\/s\/Q9ZMdQjPbGjHkn7\" style=\"color: #f07f1d\" target=\"_blank\" rel=\"noopener\">https:\/\/transfer.usd.de\/index.php\/s\/Q9ZMdQjPbGjHkn7<\/a>.\n<\/p>\n<p><span class=\"wpcf7-form-control-wrap\" data-name=\"acceptance-942\"><span class=\"wpcf7-form-control wpcf7-acceptance optional\"><span class=\"wpcf7-list-item\"><label><input type=\"checkbox\" name=\"acceptance-942\" value=\"1\" aria-invalid=\"false\" \/><span class=\"wpcf7-list-item-label\">I have uploaded further files (e.g. PoC) to the usd exchange platform.<\/span><\/label><\/span><\/span><\/span>\n<\/p>\n<p><label> Further information<br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"Weitere\"><textarea cols=\"40\" rows=\"10\" maxlength=\"2000\" class=\"wpcf7-form-control wpcf7-textarea\" aria-invalid=\"false\" name=\"Weitere\"><\/textarea><\/span> <\/label>\n<\/p>\n<p style=\"font-size:18px\"> Information about the security researcher\n<\/p>\n<p><label> Email*<br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"E-Mail\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"email\" name=\"E-Mail\" \/><\/span> <\/label>\n<\/p>\n<p><label> Name*<br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"Name\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"Name\" \/><\/span> <\/label>\n<\/p>\n<p><label> Organization<br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"Firma\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control 
wpcf7-text\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"Firma\" \/><\/span> <\/label>\n<\/p>\n<p><label> Social media<br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"Social\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"Social\" \/><\/span> <\/label>\n<\/p>\n<p><label> Public PGP Key<br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"Public\"><textarea cols=\"40\" rows=\"10\" maxlength=\"2000\" class=\"wpcf7-form-control wpcf7-textarea\" aria-invalid=\"false\" name=\"Public\"><\/textarea><\/span> <\/label>\n<\/p>\n<p><span class=\"wpcf7-form-control-wrap\" data-name=\"acceptance-935\"><span class=\"wpcf7-form-control wpcf7-acceptance\"><span class=\"wpcf7-list-item\"><label><input type=\"checkbox\" name=\"acceptance-935\" value=\"1\" aria-invalid=\"false\" \/><span class=\"wpcf7-list-item-label\">I agree to usd's <a href=\"conditions and guidelines\/\" style=\"color: #f07f1d\">privacy protection<\/a>*<\/span><\/label><\/span><\/span><\/span>\n<\/p>\n<p style=\"font-size:16px\">Detailed information on the handling of your user data can be found in our <a href=\"\/en\/privacy-protection\/\" style=\"color: #f07f1d\">privacy protection<\/a>.\n<\/p>\n<p>Input this code: <input type=\"hidden\" name=\"_wpcf7_captcha_challenge_captcha-170\" value=\"2699578516\" \/><img loading=\"lazy\" decoding=\"async\" class=\"wpcf7-form-control wpcf7-captchac wpcf7-captcha-captcha-170\" width=\"72\" height=\"24\" alt=\"captcha\" src=\"https:\/\/www.usd.de\/wp-content\/uploads\/wpcf7_captcha\/2699578516.png\" \/><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"captcha-170\"><input size=\"4\" maxlength=\"4\" class=\"wpcf7-form-control wpcf7-captchar\" autocomplete=\"off\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"captcha-170\" \/><\/span>\n<\/p>\n<p><input class=\"wpcf7-form-control wpcf7-submit has-spinner\" type=\"submit\" value=\"Submit\" 
\/>\n<\/p><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div>\n<\/form>\n<\/div>\n[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Report a usd vulnerability or bug. We make every effort to ensure the security of our websites, platforms and IT infrastructure components. Nevertheless, it may happen that you discover a weakness or bug in our systems. In this case we ask that you handle the vulnerability responsibly and report it to us for correction. For this purpose [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"<!-- wp:divi\/placeholder \/-->","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-11667","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/11667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=11667"}],"version-history":[{"count":0,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/11667\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=11667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}