Search company, investor...
LabKey company logo


About LabKey

LabKey is a software and professional services provider that specializes in helping organizations overcome the unique data management, collaboration, and workflow challenges faced in the scientific research environment.

Headquarters Location

Seattle, Washington,

United States

Missing: LabKey's Product Demo & Case Studies

Promote your product offering to tech buyers.

Reach 1000s of buyers who use CB Insights to identify vendors, demo products, and make purchasing decisions.

Missing: LabKey's Product & Differentiators

Don’t let your products get skipped. Buyers use our vendor rankings to shortlist companies and drive requests for proposals (RFPs).

Latest LabKey News

LabKey servers face vulnerabilities; medical research data at stake

Jan 28, 2019

These flaws mainly related to cross-site scripting (XSS) allowing attackers to perform XSS attacks. LabKey Server, a popular offering by LabKey which allows scientists to collaborate with medical research data, was recently found to have security vulnerabilities. The software suite contained cross-site scripting flaws that allowed attackers to inject malicious code, following which it creates redirects to fake URLs as well as admin access. Security firm Tenable Research, which conducted an in-depth analysis on LabKey Server, provided a comprehensive review of these vulnerabilities. According to a blog post by the company, LabKey Server has three flaws which are described are as follows. CVE-2019-3911 - Cross-Site Scripting: Query functions which are not validated makes it possible to conduct XSS attacks by allowing arbitrary code execution in the user’s browser. CVE-2019-3912 - Open Redirects: The returnUrl function can also allow return paths to be edited. As a result, attackers can redirect users to their own locations. CVE-2019-3913 - Logic Flaw in Network Drive Mapping Functionality: A logic flaw when mapping network drives allows attackers to map their own drives to the server. This also aligns to the fact that attackers have admin access. Fortunately, the latest version of LabKey Server i.e., 18.3.0-61806.763, comes with fixes for all these vulnerabilities. Research data can be manipulated Jacob Baines, a senior research engineer from Tenable told ThreatPost how the vulnerabilities can lead to abuse of research information. “The attacker could perform any action that their target could perform on the LabKey system since they would be using the victim’s credentials. This could potentially mean accessing or manipulating research data, depending on the targeted user’s access.” indicated Baines. It is recommended for all users to update to the latest version of LabKey server to stay protected from vulnerabilities. + Aware

LabKey Frequently Asked Questions (FAQ)

  • Where is LabKey's headquarters?

    LabKey's headquarters is located at Seattle.

Discover the right solution for your team

The CB Insights tech market intelligence platform analyzes millions of data points on vendors, products, partnerships, and patents to help your team find their next technology solution.

Request a demo

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.