Gordon MacKay Chief Technology Officer Digital Defense

Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security risk assessments, discovered a previously undocumented vulnerability which affected multiple Novell GroupWise agents. The HTTP interfaces for the GroupWise agents are vulnerable to an arbitrary file retrieval condition due to a failure to properly filter certain crafted directory traversal sequences. A malicious attacker could potentially leverage this flaw to retrieve files with the privileges of the vulnerable agent(s). DDI immediately notified Novell of the finding and an alert including a patch to remediate the issue was issued by Novell.  This security issue was revealed using DDI’s patent-pending vulnerability scanning technology.

Previously unknown software flaws (zero-day), or undocumented vulnerabilities, pose a serious threat to organizations, whether a large enterprise or a small business network. A single exploited vulnerability in one computer or network can be devastating, resulting in severe financial and reputational losses.

Gordon MacKay, Chief Technology Officer at DDI states, “Our unique capability to proactively research and discover unknown vulnerabilities - and then act quickly to bring timely disclosures allows our clients to take precautionary measures to reduce risk against compromises potentially introduced by these flaws. Ultimately, we’re in the business of providing peace of mind”.

DDI’s Vulnerability Research Team (VRT) provides the analytic expertise necessary to quickly identify zero-day issues, as well as to provide Decisive Security Intelligence that is guiding the information security strategies and improving the security posture of organizations across the globe. 

DDI has issued multiple vulnerability disclosures, including those within widely used platforms such as the IBM WebSphere Application Server, the KnowledgeTree Online Document Management System, HP Jet Direct Embedded Web Server and Epicore Software Interface.  

Founded in 1999, Digital Defense, Inc. (DDI) is the premier provider of managed security risk assessment solutions protecting billions in assets for small businesses to Fortune companies in over 65 countries. DDI’s dedicated team of experts helps organizations establish a culture of security through regular information security assessments, awareness education and Decisive Security Intelligence. This proven method bolsters the capability of organizations to reduce risk and keep information, intellectual property and reputations secure. The combination of DDI’s certified Security Analysts, patent-pending scanning technology and proprietary cloud-based vulnerability management system, Frontline Solutions Platform, delivers the most powerful assessment results and remediation management solutions possible.