Predict your next investment

INTERNET | Internet Software & Services / Collaboration & Project Management

About LabKey

LabKey is a software and professional services provider that specializes in helping organizations overcome the unique data management, collaboration, and workflow challenges faced in the scientific research environment.

LabKey Headquarters Location

Seattle, Washington, United States

Latest LabKey News

LabKey servers face vulnerabilities; medical research data at stake

Jan 28, 2019

These flaws mainly relate to cross-site scripting (XSS), allowing attackers to perform XSS attacks.

LabKey Server, a popular offering by LabKey that allows scientists to collaborate on medical research data, was recently found to have security vulnerabilities. The software suite contained cross-site scripting flaws that allowed attackers to inject malicious code, which could then create redirects to fake URLs and provide admin access.

Security firm Tenable Research, which conducted an in-depth analysis of LabKey Server, provided a comprehensive review of these vulnerabilities. According to a blog post by the company, LabKey Server has three flaws, described as follows.

CVE-2019-3911 - Cross-Site Scripting: Query functions that are not validated make it possible to conduct XSS attacks by allowing arbitrary code execution in the user’s browser.

CVE-2019-3912 - Open Redirects: The returnUrl function can also allow return paths to be edited. As a result, attackers can redirect users to their own locations.

CVE-2019-3913 - Logic Flaw in Network Drive Mapping Functionality: A logic flaw when mapping network drives allows attackers to map their own drives to the server. This also aligns with the fact that attackers have admin access.

Fortunately, the latest version of LabKey Server, 18.3.0-61806.763, comes with fixes for all these vulnerabilities.

Research data can be manipulated

Jacob Baines, a senior research engineer at Tenable, told ThreatPost how the vulnerabilities can lead to abuse of research information. “The attacker could perform any action that their target could perform on the LabKey system since they would be using the victim’s credentials. This could potentially mean accessing or manipulating research data, depending on the targeted user’s access,” indicated Baines.

All users are advised to update to the latest version of LabKey Server to stay protected from these vulnerabilities.


