Responsible Disclosure

If you have found a security vulnerability or issue in a Comarch product, please contact our responsibility team. We do not run a bug bounty program.

To alert us, please email vuln@comarch.com. Please encrypt emails containing sensitive information using our PGP key.

To help us better address your discovery, please include the following information:

  • The name of the Comarch product and the respective version information.
  • Vulnerability: Provide a short description of the vulnerability (e.g. XSS, data leak, security misconfiguration).
  • Full Description: Provide a full description of the vulnerability and, optionally, an exploit.
  • Documentation: Identify the steps required to reproduce the vulnerability. These can be videos, screenshots, or a PoC.

Please do not send vulnerabilities from automatic tools or scanners without additional analysis as to how they're an issue. Never attempt to access anyone else's data or personal information, including by exploiting a vulnerability. Unless Comarch gives you permission, do not disclose any issues to the public or to any third party.

PGP Public Key

Active Date: 05.05.2025
Expiration Date: 20.05.2027
Key Type: RSA
Key Size: 4096 bits
Fingerprint: E6E8 817D 3F6A 5341 3FB5 0C12 0709 4873 DD5A 7FCD
