01/28/24 – ZDI reported the vulnerability to the vendor.
02/05/24 – ZDI asked for confirmation of receipt.
02/06/24 – The vendor confirmed receipt of the report.
04/29/24 – ZDI asked for an update.
05/24/24 – ZDI asked for an update.
05/29/24 – The vendor states that the vulnerability has been addressed but would need to get verification from QA.
07/22/24 – ZDI asked for an update.
07/29/24 – The ZDI informed the vendor that since we never received a confirmation that the vulnerability was patched, we have no choice but to assume this issue hasn’t been remediated and that we intend to publish the report as a zero-day advisory on 8/01/24.

— Mitigation: Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application

Post
Filter
Apply Filters