Name	SBA Research Cookie
Provider	SBA Research
Purpose	Saves the settings of the visitors selected in the cookie box.
Cookie name	sba-research-cookie
Cookie runtime	1 year

Name	YouTube
Provider	YouTube
Purpose	Used to unblock YouTube content.
Privacy policy	https://policies.google.com/privacy
Host(s)	google.com
Cookie name	NID
Cookie runtime	6 months

Name	Vimeo
Provider	Vimeo
Purpose	Used to unblock Vimeo content.
Privacy policy	https://vimeo.com/privacy
Host(s)	player.vimeo.com
Cookie name	vuid
Cookie runtime	2 years

Upcoming Events:

Alexander Schatten at the Vienna Book Fair

13.11.2025

Training: Certified Information Systems Security Professional (CISSP) – Prüfungsvorbereitungskurs – Teil 1

18.11.2025 - 20.11.2025

Training: Certified Information Systems Security Professional (CISSP) – Prüfungsvorbereitungskurs – Teil 2

26.11.2025 - 27.11.2025

SBA @ Ekoparty 2025

November 7, 2025

SBA Research was proud to participate in the Ekoparty Security Conference 2025, held from October 22-24 in Buenos Aires, Argentina. This year, Max Günther and Philipp Frenzel represented SBA Research and the Security and Privacy Research Group at the University of Vienna… Read More

SBA Security Meetup: From OWASP to App Secrets – Lessons Learned

November 6, 2025

End of October, we had our SBA Security Meetup on From OWASP to App Secrets Learned with to insightful talks from Fabian Funder (SBA Research) and David Schmidt (Universität Wien). ... Read More

SBA Security Advisory – Checkmk Cross Site Scripting (CVE-2025-39663)

October 30, 2025

Checkmk in versions before 2.4.0p14 and 2.3.0p39, as well as in branches 2.2.0, 2.1.0 and 2.0.0 is prone to a Stored Cross-Site Scripting (XSS) vulnerability when used in a distributed monitoring setup. Any connected remote site can inject JavaScript code in the central site's user interface. ... Read More

SBA @ re:think diversity congress 2025

October 28, 2025

On October 22 2025, the Diversity Think Tank team hosted the re:think diversity congress at the Vienna Chamber of Commerce. Like last year, Jeanine Lefèvre, Head of Office of Equal Opportunities and research coordinator, and Gregor Roschitz,… Read More

IMPACT 2025

October 26, 2025

In mid-October, our yearly partner and friends of SBA Research event IMPACT brought together experts, practitioners, and decision-makers from research, industry, and the open-source community. One afternoon with discussion about the latest developments in security, open source, and research and to celebrate our long-standing relationships. This year’s program… Read More

group photo speaker and panelists at impact

SBA Research joins the Linux Foundation Europe

October 22, 2025

We are proud to announce that we joined the Linux Foundation Europe, further strengthening our role within the international open-source community. With this step, we are reinforcing our commitment to advancing security and resilience in digital infrastructures. ... Read More

Distinguished paper award at ACM CCS 2025

October 16, 2025

David Schmidt, PhD student at CD-Lab AsTra, Sebastian Schrittwieser, key researcher at SBA Research and head of the CD-Lab, and Edgar Weippl, scientific director at SBA Research and full professor for security & privacy at the University of Vienna, received the Distinguished Paper Award at ACM CCS 2025 (A*-rated) for their work Leaky Apps: Large-scale Analysis of Secrets Distributed in Android and iOS Apps. ... Read More

SBA Security Advisory – Checkmk Agent Privilege Escalation via Insecure Temporary Files (CVE-2025-32919)

October 13, 2025

Vulnerability Overview The `win_license` plugin as included in Checkmk agent for Windows versions before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since version 2.1.0b2 and 2.0.0p28 allows low privileged users to escalate privileges to Local System due to insecure use of a temporary folder. Recommended… Read More

SBA Security Advisory – Checkmk Path Traversal (CVE-2025-39664)

October 13, 2025

Vulnerability Overview Checkmk in versions before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since version 2.1.0b1 is prone to a path traversal vulnerability in the report scheduler. Due to an insufficient validation of a file name input, users can store reports in arbitrary locations on the server. Read More

Visiting Researcher Strengthens Partnership and Research Focus

October 9, 2025

SBA Research was delighted to welcome Dr. Fatma Nur Esirci Oral as a visiting researcher during September 2025. During her stay, Dr. Esirci Oral delivered valuable seminars for our students and junior researchers and led vital discussions with our institute's members. ... Read More

SBA Research is a research center for Information Security
funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.

Upcoming Events:

Recent News:

SBA @ Ekoparty 2025

SBA Security Meetup: From OWASP to App Secrets – Lessons Learned

SBA Security Advisory – Checkmk Cross Site Scripting (CVE-2025-39663)

SBA @ re:think diversity congress 2025

IMPACT 2025

SBA Research joins the Linux Foundation Europe

Distinguished paper award at ACM CCS 2025

SBA Security Advisory – Checkmk Agent Privilege Escalation via Insecure Temporary Files (CVE-2025-32919)

SBA Security Advisory – Checkmk Path Traversal (CVE-2025-39664)

Visiting Researcher Strengthens Partnership and Research Focus

SBA Newsletter

Upcoming events @ SBA

SBA Research at a glance

Highlights of the past years:

Privacy settings

SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.

Upcoming Events:

Recent News:

SBA Newsletter

Highlights of the past years:

SBA Research is a research center for Information Security
funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.