Author Topic: LabKey Vulnerabilities Threaten Medical Research Data  (Read 1971 times)

0 Members and 1 Guest are viewing this topic.

Offline Antus67

  • Full Member
  • ***
  • Posts: 94
LabKey Vulnerabilities Threaten Medical Research Data
« on: January 26, 2019, 01:08:33 PM »

Author: Tara Seals
January 25, 2019 5:16 pm

A trio of vulnerabilities in a popular open source medical data collaboration tool leaves important healthcare research data and potentially subject information open to multiple cross site scripting (XSS) attacks. The flaws are serious as they allow an attacker to retrieve user credentials once a user clicks a malicious link.

Tenable Research on Thursday said that the flaws, which exist in LabKey Server Community Edition 18.2-60106.64, allow a remote unauthenticated attacker to run arbitrary code through their browser, create open redirects to push users to malicious URLs, and map malicious network drives after gaining administrative access.

Full Article Here: