Responsible Disclosure

If you have found a security vulnerability or issue on Comarch product, please contact our responsibility team. We do not run a bug bounty program.

To alert us please email vuln@comarch.com. Please encrypt emails containing sensitive information using our PGP key)

To help us better address your discovery, please include the following information:

  • The name of the Comarch product and the respective version information.
  • Vulnerability: Provide a short description of the vulnerability (e.g XSS, data leak, security misconfiguration)
  • Full Description: Provide a full description of the vulnerability and optionally exploit
  • Documentation: Identify steps required to reproduce the vulnerability. These can be videos, screenshots, PoC

Please do not send vulnerabilities from automatic tools or scanners without additional analysis as to how they're an issue. Never attempt to access anyone else's data or personal information including by exploiting a vulnerability. Unless Comarch gives you permission, do not disclose any issues to the public, or to any third party.

PGP Public Key

Active Date: 15.05.2023
Expiration Date: 20.05.2025
Key Type: RSA
Key Size: 4096 bits
Fingerprint: 0D9F 3C8A B2ED 70C0 5134 A70D 1484 2060 CA28 25C0

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGRh9GYBEADby6zCLsbepk+fmsquhPCjCFCjd9/zpw5lcmQcFIXos3NSdUMK
L27Oor/e3CS1k7XeBXEiIrteTW152exRDYrTHrx3Vxvi9QIX9544UBE3j+F+jdF+
g51XTfuqObe0A3S+xkRXvRfjgCQbVjchP+nHelMYRFprBCz93Gdm6o1XXsYgB85p
rG1gdoFTbLUzxEo9di9gy2Bt2txxYZX38U6ZyhD8tmk0ienjk9bOPSSKfT1LgWIo
z67KBNonZ50s4TT5IiNR2sl0LpVfE4Wxvj8DZgfibxP+G7S0BqbyQx/pijShnDsI
e45ioD8UapjuNTZxdbNc6CDRpBvX+xIQizVivpXPnan8AOhAgBBiXROQlEMkcmu9
05Q9AlOhKiChPXlf1JZyvHLp+9bzyxm8dFaldJg5uqbJOswV9jBPINO9WoZ+P0z6
GK6ETn9HZuX6EqVy7LVCtRIxUtOZVPRD8K6lYGxJ8TCB8IP+fPnq1E7dVnHbyvJQ
y0ZRxfpVZUgqPqRmuSL7QgfKWytLnTQkjyzAdWMNeZ/hsMl1WKE1cI0/eR7pe2KI
iZQ2pLoLNRLk9DO/zyEqirbNIPhduRSF4jyBlK9OzNrNbX7F+LQqLYrmBg1rbNm7
0MZOFbbvPj9CcXVmrfaZ7Kceln31AbJWOg2Mef2PpwInt8jC7Dk8lHaXgQARAQAB
tChDb21hcmNoIFNlY3VyaXR5IFRlYW0gPHZ1bG5AY29tYXJjaC5jb20+iQJXBBMB
CABBFiEEDZ88irLtcMBRNKcNFIQgYMooJcAFAmRh9GYCGwMFCQPKXjoFCwkIBwIC
IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQFIQgYMooJcCWVBAAy5gQFjP1MrHOVDM6
dBTbIMRU5uksk55/2xmZyWw0z6ts2TJrA5Y3ZwzPKQ4qBwsI4+lTegA7XdLE+2hR
i66xl9PdA+GzIwr7qAsOLpnWs8vJrhvjcSTIVCQc3pxH9vdL3R5GPOfDz+feD6Fm
FAJevgHcLoQ0awyl0jgxC9dPRUzgizz15G8KFMz7YGIpz0JBXdBxHcTqNeAIM2sb
xJvBMsoeRTe+DvKpWA7+9jqhheZriE3lWNMvgS+BgJavf7daqV1oVK8OvCVI9qc+
rlviW31/koJ4i3ifitbzqRAwj0dPtOlkePrXBa6uDh+cUI2bvrc90B84btUsZbBk
WRxTmlDUe+YWPMpx5/0X83FMBmLZLl6MB4hHECqiwJ+ayE2G+ovWQjo/hGOh6pkO
vtmnIteNFftWG3ZEfHodRgL+79QgmCgdGJq0Jcty2fwXDTh4BgXGUVDplH7umyDS
uxwW73zJIehOHzoUuWs+PxWAUAwDuxkntXumb5zR1i1Je+Ha3ISuRBryi651q5M3
s1nk5mNVhfXrQ8wZse80j0ThAiPhFwKsBESP9LtL1ihcapuhb9rf7ogL3yP7HCYz
jYCIipscyZU84Xfpo10CvsSvJEnYwn8g2ojrFVBlL2tj51sCo6Fynwlg6elBDNf7
see1MreZSXgkvS/q9UFEPGRabhu5Ag0EZGH0ZgEQAK1ilPQ/LW72AaWjeMxi9UrH
9/RfaGUkiz4oVRqfw2LEMA89qGiVERRgFiHWakxqdkWh6xwhRT0hEmh8HpaWlLNU
G1GbeRynLtoDPBw2hdHuh7R8ShhWACwLZdWRcDK4dBaHPTfgxD1eh7Csujmhih45
vqUhyghBRESwednN5foAzfIJgbxAQhsE/xcbaPPoo15iffVCl2o9jENw4+UiVobd
7seOeGz3fw1/2jpt2jGeHDyDibMoyiSzLaepWQgQQjZ0BZVJ3SobLtHHU+wVitFk
TjJTlxlwoI8NLBP7P2lT7ESpP2hJbqk6Si9KbEV4A4dwSCrGwNWlWOq9pV4Ca8jT
OzRWtgVj1O+g9i6WnO1xt1T8lglJbDN5+GkK3HDbl8sleX1FdhLWAEwYYaQwLvA5
vF1b8Q5v4tAhWbccXywhqmbnrmoUiVsFjaEupAN++Gd4RiTPgyNlkGQ3Vu0yt/RC
sNcaGmDZ+ZkuAhSlqwXGLKGefiwcfaJqbuHjiLfq6yAW0Tu7Sua0sJ6uZZeGg0dq
A3++UJ+Ul2WIYjc3DTrvVkQkcQa1/sYGV1pEk3jto5hg71UVN1YKafTYwmhQmMxD
yfbiQQcBXOFOqJr5N5rvd+d1x/ZsKL7aS9Ka7LVd/GzjYqO7N6NaQ2+td2fCSWNt
n/VFWMdD3sFy4aKE1hT1ABEBAAGJAjwEGAEIACYWIQQNnzyKsu1wwFE0pw0UhCBg
yiglwAUCZGH0ZgIbDAUJA8peOgAKCRAUhCBgyiglwJ+hEACDMZOJlyBjrVs5E8dA
8fIewM0qoTvWBOEY1VSGf29bBTqS9qa8Dk+ffCmAiJDT2eTCKwgiLsmiDeRr26FH
3ZdIxqqw8c4HtbhrqmZWoNfuuCcEaVi+BO2lUwwdYV0jXyfKfC7E+7K5j0SjPwWS
koZpiOzNcEeoKTzyofhf3HCWzN7vJwp8vQvTBRqW/6jWNUiG2zdJvTaLU9CF4qja
fe64emYk5OZTFow2kESqBjw3KAm1r+NHkVGISViH4eY8oQkw2oKbWWKoEEbrl6Cf
q0fp0WSMn8pS8+2L1gBDCr7TqohI0TJl3WFPkxOWl99Z/VF8al7jUbiSrePj5f7H
No9tkRNS0dMp5TjQgkFgCFzhAPef9SdyvmYb3oxwAwmbfTKxwa0gpnkY+HJfNull
6ur4p0it0DUSs5IblwtcHcG9kdQPGUCOAc0NFzb8d8UVuJmGL/uUuOYht7u5VDq7
jRNVvfvzNDVyQ8l//FvdpDZAORvGQiedM1rI2g2oiOhUjnR0lq340vOEWZ4GALH3
nkZHQcxXIx4IK8OsDbDchx2t2e438S7xD1FjB9aVT/eQFk+56qoCnZRjGoTZ2IXR
hfM4YzvZMWQ/qoDcWpizOh4wMOEsCioS8/dxChU8USsOpXg19bAjeSBxSSI0xLQx
OwWu/78M623lJuLExQ0mGJBGJw==
=W6Q4
-----END PGP PUBLIC KEY BLOCK-----