Closed ojimenezt closed 4 years ago
Here is a description of how to report security errors: https://github.com/YetiForceCompany/YetiForceCRM/issues/new?assignees=&template=4-security.md&title=%5BSecurity%5D+
We'll verify it ASAP and get back to you. The report was removed for security reasons: it contained sensitive data about your CRM and server.
Please always send files to security@yetiforce.com
You won't be charged for anything, and the reported errors will be fixed as soon as possible.
Attachment system configuration
Our company is undergoing an ENS (Esquema Nacional de Seguridad, National Security Scheme) audit, which applies in Spain. One of the evaluation criteria is a review of the vulnerabilities of the applications the company uses, and one of them is YetiForce. After a basic analysis with OWASP ZAP, a High-level vulnerability was detected (report attached).
We want to continue using YetiForce as our CRM tool, so we would like your help resolving the problem; if necessary, please let us know whether any payment is due for the support.
The analysis was carried out on versions 5.1 and 5.2, and the same problem remains in both.