The disclosure of new 3rd party vulnerabilities by Portcullis Labs is handled in co-ordination with Talos following Cisco’s publicly documented vulnerability disclosure policy. In the event that you need to email us, the Portcullis Labs bughunters PGP key can be found in the PGP Global Directory.
- CVE-2018-3881 – FocalScope XML External Entity Injection Vulnerability
- CVE-2018-1655 – IBM AIX rmsock SetUID Binary Information Leak
- CVE-2017-16349 – SAP BPC Web Application Information Disclosure Vulnerability
- CVE-2017-1105 – IBM DB2 Shared Memory Insecure Permissions Vulnerability
- CVE-2017-2815 – Open Fire User Import Export Plugin XML External Entity Injection
- CVE-2016-9044 – Information Builders WebFOCUS Business Intelligence Portal Command Execution Vulnerability
- CVE-2016-9045 – ProcessMaker Enterprise Core Code Execution Vulnerability