Responsible Disclosure

If you have found a security vulnerability or issue on Comarch product, please contact our responsibility team. We do not run a bug bounty program.

To alert us please email vuln@comarch.com. Please encrypt emails containing sensitive information using our PGP key)

To help us better address your discovery, please include the following information:

  • The name of the Comarch product and the respective version information.
  • Vulnerability: Provide a short description of the vulnerability (e.g XSS, data leak, security misconfiguration)
  • Full Description: Provide a full description of the vulnerability and optionally exploit
  • Documentation: Identify steps required to reproduce the vulnerability. These can be videos, screenshots, PoC

Please do not send vulnerabilities from automatic tools or scanners without additional analysis as to how they're an issue. Never attempt to access anyone else's data or personal information including by exploiting a vulnerability. Unless Comarch gives you permission, do not disclose any issues to the public, or to any third party.

PGP Public Key

Active Date: 20.05.2021
Expiration Date: 20.05.2023
Key Type: RSA
Key Size: 4096 bits
Fingerprint: 9AEB 7073 3F77 F37E B980 1923 B7E7 D6ED 3C9D 1DC8

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGCmIA0BEADFRWsB0Uyo9aUFGuNkMbFp28DX4dguwtsDKB3bn6mfUJqSRweY
FrUjMfqAS28poF/2iefRWhK2rqydgNRhlrnYItyhWIoptLh5GsfvlkMnrjlBTLUB
gm0itV073cBr3dCpcd1hG+IV/tu2kAw6k6KGEKruRyJNa2vfDWD0oF/LNNPn6c+s
+q8emtEsDtrFbMTCl1SyRzwKakHWICBtDoW9wNRXorvbkqSiHFLrw5JE3nch5TIs
r3pfVSAsLqcfweIgZvfS3UDYvhavAAcTqE8fdl6QOwcaE2kXl8rkP42jP8aeXQ9V
gScVC3nJPeT23HWLm98OKrVV6GojL+dn1asPUdWyKXHTGcwCa1tZGdr1ychj/wUy
Wkj3DDk2fCBh9cIlk7Gp5rLFsVC5mL8HA5TPtyZgLYsHY3BkmlKkkEYJlfVtbGoW
YTIP7bnOtAwPo3IsvKnoLxDzUAJuI/ALHjwu+fMXR6aQ9yVYaYDrJAm8qkwcJUOK
JI5ielwOKXZ9Yo8fgfQXflpLM7z2tROTd+oXHCkrcOobe/gtS7WsqKa9nicidJ6j
uAseoWmsWBoY0ZxGKFO9O4VmXTU1dln5GIOFufofsRzZvlkMBCLqCerqcR6LlvDf
fTcpxCaurMRGbhV7RGPpnUqs8lKuPOSbN2h+9Z9ZcPhjTLDy2kRtO36VJwARAQAB
tChDb21hcmNoIFNlY3VyaXR5IFRlYW0gPHZ1bG5AY29tYXJjaC5jb20+iQJUBBMB
CAA+FiEEmutwcz938365gBkjt+fW7TydHcgFAmCmIA0CGwMFCQPCehMFCwkIBwIG
FQoJCAsCBBYCAwECHgECF4AACgkQt+fW7TydHcgAOxAApLyRTktJ0N3zJSvRDp6e
JsDDNIziIEx7s3lCaO7Wp9g05AO/6NTlDsScJdcPzpyWB43GC1pktkOZxcwG6/gb
qAjfgO9NNppd7YEneTvFO4Moh+T3CLTxH3Q8K2wJVnPgYqmpBikstYeI2z/IMr2t
mmlpKpj6pxi6Ngi8ydmdUU44KMIGnNM2zXHOH6TaEm4hQsffKSZmd1AZT3HZEZlo
br5Za99ove0l98vTHtMlpWprcD4jceW0On4Myp5Noa75pAPwCXn5nTY7hmAbP4+b
A+E6W4mRwhnun89oL68+piRKSe0VD7RFT4nfFTlcfzsU3zaY2LpYoGxApqS0iW+d
Dz7N53V1iBsrL9rInV01P7pJUBNb0rOiAfNn5a+aJi0D9yF+hAAtvLBFLpLx6YX6
0RCYmb39Hz6d3fDLSqSp2vHNV/5EZIa6MIlzPxfq1+ZzQD5baNJnd3/qFgspjdM/
T8eAHnT1hW7YhFtpa94x3ZjaKoydCiM4ryjYB0EeBZ55jAJHHf8lhnjrsWlI2t+a
2PFPkbVao0iI0T1bEFq28okvJws9GtqquxRLpqgGUypAWV/mr8/3MsoJiqu6HC9l
UproIj2Gxd9+bXMvZBNTM4jZ8qveQ9BOKw13iT4JJrzaj9F+dSFrc416BU3wVinF
kWdBWJhwElam0MaOpp1zy9q5Ag0EYKYgDQEQAKm9foqKM9I6IRbdbtreJrdixfNz
3JLWIm6BZmFZZP2TO+xHGzgOG+KmVDNAiNtK/qsKnAjxFpFoKHgxnOFeyZDoR+Co
4sa/L8XxQPI4pKpLTqW8lMOUv6twqqk3XiOeOwimwjFtkvxqXhWmU3uvwwPn96Ue
Kx9IFrf3fHJWNn8P9XA2PQ6JeMQkdX6fxrZ+rf3LQcntvDXn1kG5XRanv/LcoAXc
9CBMd45+TUDpYLRzOwZ08zhUvj6XW+9R2BNwYmCCPTi419yR/dIpingY/Bd1Ca61
rqZzUKCCEQNy5YOTj1l1bBLOge1hVV9xJ0GSR2nnHdZ2k3rgEVj1hIYRoj+iFL0F
hilubgnX7+sW0lVg63It/hWsva9brj0eXQ0nGgQtUJ8lJjbu5wTR0VT8afvKHE/V
qpSpCdGzZ+CaPfc5ghQS406s8kWW7VnNGCRSuW/UpUq04HgngFAMo6mpuHxulsqU
VqMjrYBmrj/wpVCrggV7WGNf2rJB+OQCVYcSrUtefFVUVfY+9vcVYlIB2OS4TqE+
UFM06qjX5diGVl4lKlJERCVfdK6dTSMh7DJmNUP2XHLlEpsJiC4NZkmn+DEIqBBz
kMJu+WfbzL+R570QpN7osrQPeneUO03Ucr1McCW3tSCm97nY4ZiQg+1+7TC5X/zm
xlyMiWVgpJEuphZPABEBAAGJAjwEGAEIACYWIQSa63BzP3fzfrmAGSO359btPJ0d
yAUCYKYgDQIbDAUJA8J6EwAKCRC359btPJ0dyOZnEACmzXud0EfzvWT/TNN6Df7P
0Y7cwwsJixim79QfPBrrxW6u3yq3BlRL3z2pUN6uG7AgI5WmIch4Nl+mVI4zVcX9
9Af68A1qPdHZtZSEIUomRef5vy3wnrF4kiga9bmpv+waicjUix8S4gEv3A22YP+l
QQ+zuVw8S95vtheOosH37Ciyyb1hheEUis6r8mgP1yvL6iMpZ1XNX4YDjfNZbtHi
F+a+dOoS557BpqRjyUps4y44SjiGGfyGjxy+DWV2Ry5VqQTNI6teexcyni87UlJi
lO9ASv7bcTj3S2rggEZYY6jkGFeS82a+EWpSZ8ZRE8Ls3JIgr2z9MGTb5ywFEO9D
dn9JB/itMI833iqkdnrWCQLrs4wUsJFIXOzLg27YD/qXMqOcooV80m2dh9WhH+a/
e+0bOjgHJdtScRsfSgDQc3nKNrElWldRo3yI615XOHegx1b8diUbwHMfU90kvp02
z2qLq3ghjWm3KXH1qzAQ2Lftp/IWVKuB71FFLD3i4DE5Dqnh1/45YlATTsdsGo1S
GxX25GsDfuEbcrD+wXGBXruDfbkIVuLpBXjlV3Y16Vx/gBHrHDgQIL8EFqKBoGVl
FmOIM/Fbw3Rm1sG0kRqYXGUyI/6I/XQ4A6PDEC0isyD8kH3jBHV/gGG6lhIbuAuc
TAN2qMEbGDN4n5zrg9pcJA==
=iK45
-----END PGP PUBLIC KEY BLOCK-----