Cloud Vulnerabilities

This page lists known security vulnerabilities found in Fabasoft Cloud and surrounding systems. The article titles contain the Fabasoft issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Fabasoft Enterprise Support providing detailed information about the problem found.

  • ID: FSC33251 Affected Components: Fabasoft Folio / Fabasoft eGov-Suite 2021 UR3, Fabasoft Folio / Fabasoft eGov-Suite 2022, Fabasoft Business Process Cloud Severity: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Total Score: 8,8 HIGH Status: Final First published: 21.04.2022 CVEs: - Summary A privilege escalation is possible by an intruder on a...Read more
  • ID: FSC33127 Affected Components: Identity Provider of the Fabasoft Cloud, Fabasoft Secomo Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, Base Score: 9.8 Status: Final First published 04.04.2022 CVE: CVE-2022-22965 Summary A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via...Read more
  • ID: FSC31322 Affected Components: Fabasoft Cloud, Fabasoft Folio Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, Basic Score: 10.0 (Critical) Status: Final First published: 13.12.2021 CVEs: CVE-2021-44228 Informations for another Log4j issues CVE-2021-45046 and CVE-2021-45105 see at the end of this article. Information A flaw was found in the Java logging...Read more
  • ID: FSC29337 Affected Components: Fabasoft Folio Webservices, Fabasoft Cloud Webservices Severity: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N, Basic Score: 7.3 Status: Final First published: 28.08.2021 CVEs: - Summary By passing a malicious content in a parameter to the first request in the Fabasoft Folio web client, an error will be...Read more
  • ID: FSC21815 Affected Components: Fabasoft Cloud Client, Fabasoft Folio Client Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L, Basic Score: 8.3 (High) Status: Final First published: 14.05.2020 CVEs: - Summary The Fabasoft Cloud or Fabasoft Folio browser extension uses web messaging to communicate with the Fabasoft Cloud Client or Fabasoft Folio...Read more
  • ID: FSC21814 Affected Components: Fabasoft Cloud Web Services, Fabasoft Folio Web Services Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, Basic Score: 6,5 (Medium) Status: Final First published: 14.05.2020 CVEs: CVE-2018-16323 Summary Due to the vulnerability CVE-2018-16323 in ImageMagick when converting images and downloading them memory fragments can be leaked via...Read more