
LabKey
Latest LabKey News
Jan 28, 2019
These flaws mainly relate to cross-site scripting (XSS), allowing attackers to perform XSS attacks.

LabKey Server, a popular offering by LabKey which allows scientists to collaborate with medical research data, was recently found to have security vulnerabilities. The software suite contained cross-site scripting flaws that allowed attackers to inject malicious code, after which it creates redirects to fake URLs as well as admin access. Security firm Tenable Research, which conducted an in-depth analysis of LabKey Server, provided a comprehensive review of these vulnerabilities. According to a blog post by the company, LabKey Server has three flaws, which are described as follows.

CVE-2019-3911 - Cross-Site Scripting: Query functions that are not validated make it possible to conduct XSS attacks by allowing arbitrary code execution in the user’s browser.

CVE-2019-3912 - Open Redirects: The returnUrl function can also allow return paths to be edited. As a result, attackers can redirect users to their own locations.

CVE-2019-3913 - Logic Flaw in Network Drive Mapping Functionality: A logic flaw when mapping network drives allows attackers to map their own drives to the server. This also aligns with the fact that attackers have admin access.

Fortunately, the latest version of LabKey Server, i.e., 18.3.0-61806.763, comes with fixes for all these vulnerabilities.

Research data can be manipulated

Jacob Baines, a senior research engineer from Tenable, told ThreatPost how the vulnerabilities can lead to abuse of research information. “The attacker could perform any action that their target could perform on the LabKey system since they would be using the victim’s credentials. This could potentially mean accessing or manipulating research data, depending on the targeted user’s access.” indicated Baines.

All users are advised to update to the latest version of LabKey Server to stay protected from these vulnerabilities.
LabKey Frequently Asked Questions (FAQ)
Where is LabKey's headquarters?
LabKey's headquarters is located in Seattle.