Erik Kipka has been working as a consultant in the field of IT security at softScheck GmbH since 2019. His professional focus includes IT security audits of networks, software and hardware products as well as the development, testing and evaluation of security concepts and security architectures.
During a security test at one of our customers, we came across a web application with integrated helpdesk software. In this context, we identified a critical zero-day vulnerability in Zammad's software. This existed because Zammad did not …
On November 24th a critical vulnerability in Log4j was reported to Apache. It was later made public under the name Log4Shell (CVE-2021-44228); it can be exploited effortlessly remotely and allows an attacker to execute his own code (RCE). …