San Antonio, TX – October 4, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security risk assessments, discovered a previously undocumented vulnerability which affected multiple Novell GroupWise® agents. The HTTP interfaces for the GroupWise agents are vulnerable to an arbitrary file retrieval condition due to a failure to properly filter certain crafted directory traversal sequences. A malicious attacker could potentially leverage this flaw to retrieve files with the privileges of the vulnerable agent(s). DDI immediately notified Novell of the finding and an alert including a patch to remediate the issue was issued by Novell. This security issue was revealed using DDI’s patent-pending vulnerability scanning technology.
Previously unknown software flaws (zero-day), or undocumented vulnerabilities, pose a serious threat to organizations, whether a large enterprise or a small business network. A single exploited vulnerability in one computer or network can be devastating, resulting in severe financial and reputational losses.
Gordon MacKay, Chief Technology Officer at DDI, states, “Our unique capability to proactively research and discover unknown vulnerabilities - and then act quickly to bring timely disclosures - allows our clients to take precautionary measures to reduce risk against compromises potentially introduced by these flaws. Ultimately, we’re in the business of providing peace of mind.”
DDI’s Vulnerability Research Team (VRT) provides the analytic expertise necessary to quickly identify zero-day issues, as well as to provide Decisive Security Intelligence that is guiding the information security strategies and improving the security posture of organizations across the globe.
DDI has issued multiple vulnerability disclosures, including those within widely used platforms such as the IBM WebSphere® Application Server, the KnowledgeTree™ Online Document Management System, HP Jet Direct Embedded Web Server and Epicore Software Interface.