Responsible Disclosure

If you have found a security vulnerability or issue on Comarch product, please contact our responsibility team.
To alert us please email vuln@comarch.com. Please encrypt emails containing sensitive information using our PGP key)

To help us better address your discovery, please include the following information:

  • The name of the Comarch product and the respective version information.
  • Vulnerability: Provide a short description of the vulnerability (e.g XSS, data leak, security misconfiguration)
  • Full Description: Provide a full description of the vulnerability and optionally exploit
  • Documentation: Identify steps required to reproduce the vulnerability. These can be videos, screenshots, PoC

Never attempt to access anyone else's data or personal information including by exploiting a vulnerability.
Unless Comarch gives you permission, do not disclose any issues to the public, or to any third party.

PGP Public Key

Active Date: 20.05.2021
Expiration Date: 20.05.2023
Key Type: RSA
Key Size: 4096 bits
Fingerprint: 9AEB 7073 3F77 F37E B980 1923 B7E7 D6ED 3C9D 1DC8

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGCmIA0BEADFRWsB0Uyo9aUFGuNkMbFp28DX4dguwtsDKB3bn6mfUJqSRweY
FrUjMfqAS28poF/2iefRWhK2rqydgNRhlrnYItyhWIoptLh5GsfvlkMnrjlBTLUB
gm0itV073cBr3dCpcd1hG+IV/tu2kAw6k6KGEKruRyJNa2vfDWD0oF/LNNPn6c+s
+q8emtEsDtrFbMTCl1SyRzwKakHWICBtDoW9wNRXorvbkqSiHFLrw5JE3nch5TIs
r3pfVSAsLqcfweIgZvfS3UDYvhavAAcTqE8fdl6QOwcaE2kXl8rkP42jP8aeXQ9V
gScVC3nJPeT23HWLm98OKrVV6GojL+dn1asPUdWyKXHTGcwCa1tZGdr1ychj/wUy
Wkj3DDk2fCBh9cIlk7Gp5rLFsVC5mL8HA5TPtyZgLYsHY3BkmlKkkEYJlfVtbGoW
YTIP7bnOtAwPo3IsvKnoLxDzUAJuI/ALHjwu+fMXR6aQ9yVYaYDrJAm8qkwcJUOK
JI5ielwOKXZ9Yo8fgfQXflpLM7z2tROTd+oXHCkrcOobe/gtS7WsqKa9nicidJ6j
uAseoWmsWBoY0ZxGKFO9O4VmXTU1dln5GIOFufofsRzZvlkMBCLqCerqcR6LlvDf
fTcpxCaurMRGbhV7RGPpnUqs8lKuPOSbN2h+9Z9ZcPhjTLDy2kRtO36VJwARAQAB
tChDb21hcmNoIFNlY3VyaXR5IFRlYW0gPHZ1bG5AY29tYXJjaC5jb20+iQJUBBMB
CAA+FiEEmutwcz938365gBkjt+fW7TydHcgFAmCmIA0CGwMFCQPCehMFCwkIBwIG
FQoJCAsCBBYCAwECHgECF4AACgkQt+fW7TydHcgAOxAApLyRTktJ0N3zJSvRDp6e
JsDDNIziIEx7s3lCaO7Wp9g05AO/6NTlDsScJdcPzpyWB43GC1pktkOZxcwG6/gb
qAjfgO9NNppd7YEneTvFO4Moh+T3CLTxH3Q8K2wJVnPgYqmpBikstYeI2z/IMr2t
mmlpKpj6pxi6Ngi8ydmdUU44KMIGnNM2zXHOH6TaEm4hQsffKSZmd1AZT3HZEZlo
br5Za99ove0l98vTHtMlpWprcD4jceW0On4Myp5Noa75pAPwCXn5nTY7hmAbP4+b
A+E6W4mRwhnun89oL68+piRKSe0VD7RFT4nfFTlcfzsU3zaY2LpYoGxApqS0iW+d
Dz7N53V1iBsrL9rInV01P7pJUBNb0rOiAfNn5a+aJi0D9yF+hAAtvLBFLpLx6YX6
0RCYmb39Hz6d3fDLSqSp2vHNV/5EZIa6MIlzPxfq1+ZzQD5baNJnd3/qFgspjdM/
T8eAHnT1hW7YhFtpa94x3ZjaKoydCiM4ryjYB0EeBZ55jAJHHf8lhnjrsWlI2t+a
2PFPkbVao0iI0T1bEFq28okvJws9GtqquxRLpqgGUypAWV/mr8/3MsoJiqu6HC9l
UproIj2Gxd9+bXMvZBNTM4jZ8qveQ9BOKw13iT4JJrzaj9F+dSFrc416BU3wVinF
kWdBWJhwElam0MaOpp1zy9q5Ag0EYKYgDQEQAKm9foqKM9I6IRbdbtreJrdixfNz
3JLWIm6BZmFZZP2TO+xHGzgOG+KmVDNAiNtK/qsKnAjxFpFoKHgxnOFeyZDoR+Co
4sa/L8XxQPI4pKpLTqW8lMOUv6twqqk3XiOeOwimwjFtkvxqXhWmU3uvwwPn96Ue
Kx9IFrf3fHJWNn8P9XA2PQ6JeMQkdX6fxrZ+rf3LQcntvDXn1kG5XRanv/LcoAXc
9CBMd45+TUDpYLRzOwZ08zhUvj6XW+9R2BNwYmCCPTi419yR/dIpingY/Bd1Ca61
rqZzUKCCEQNy5YOTj1l1bBLOge1hVV9xJ0GSR2nnHdZ2k3rgEVj1hIYRoj+iFL0F
hilubgnX7+sW0lVg63It/hWsva9brj0eXQ0nGgQtUJ8lJjbu5wTR0VT8afvKHE/V
qpSpCdGzZ+CaPfc5ghQS406s8kWW7VnNGCRSuW/UpUq04HgngFAMo6mpuHxulsqU
VqMjrYBmrj/wpVCrggV7WGNf2rJB+OQCVYcSrUtefFVUVfY+9vcVYlIB2OS4TqE+
UFM06qjX5diGVl4lKlJERCVfdK6dTSMh7DJmNUP2XHLlEpsJiC4NZkmn+DEIqBBz
kMJu+WfbzL+R570QpN7osrQPeneUO03Ucr1McCW3tSCm97nY4ZiQg+1+7TC5X/zm
xlyMiWVgpJEuphZPABEBAAGJAjwEGAEIACYWIQSa63BzP3fzfrmAGSO359btPJ0d
yAUCYKYgDQIbDAUJA8J6EwAKCRC359btPJ0dyOZnEACmzXud0EfzvWT/TNN6Df7P
0Y7cwwsJixim79QfPBrrxW6u3yq3BlRL3z2pUN6uG7AgI5WmIch4Nl+mVI4zVcX9
9Af68A1qPdHZtZSEIUomRef5vy3wnrF4kiga9bmpv+waicjUix8S4gEv3A22YP+l
QQ+zuVw8S95vtheOosH37Ciyyb1hheEUis6r8mgP1yvL6iMpZ1XNX4YDjfNZbtHi
F+a+dOoS557BpqRjyUps4y44SjiGGfyGjxy+DWV2Ry5VqQTNI6teexcyni87UlJi
lO9ASv7bcTj3S2rggEZYY6jkGFeS82a+EWpSZ8ZRE8Ls3JIgr2z9MGTb5ywFEO9D
dn9JB/itMI833iqkdnrWCQLrs4wUsJFIXOzLg27YD/qXMqOcooV80m2dh9WhH+a/
e+0bOjgHJdtScRsfSgDQc3nKNrElWldRo3yI615XOHegx1b8diUbwHMfU90kvp02
z2qLq3ghjWm3KXH1qzAQ2Lftp/IWVKuB71FFLD3i4DE5Dqnh1/45YlATTsdsGo1S
GxX25GsDfuEbcrD+wXGBXruDfbkIVuLpBXjlV3Y16Vx/gBHrHDgQIL8EFqKBoGVl
FmOIM/Fbw3Rm1sG0kRqYXGUyI/6I/XQ4A6PDEC0isyD8kH3jBHV/gGG6lhIbuAuc
TAN2qMEbGDN4n5zrg9pcJA==
=iK45
-----END PGP PUBLIC KEY BLOCK-----