Folio Vulnerabilities

This page lists known security vulnerabilities found in Fabasoft Folio and surrounding systems. The article titles contain the Fabasoft issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue, as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Fabasoft Enterprise Support providing detailed information about the problem found.

  • ID: FSC33251 Affected Components: Fabasoft Folio / Fabasoft eGov-Suite 2021 UR3, Fabasoft Folio / Fabasoft eGov-Suite 2022, Fabasoft Business Process Cloud Severity: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Total Score: 8.8 HIGH Status: Final First published: 21.04.2022 CVEs: - Summary A privilege escalation is possible by an intruder on a...
  • ID: eGov14136 Affected Components: Fabasoft eGov-Suite 2019/2020/2021/2022 Severity: not scored Status: Final First published: 10.03.2022 CVEs: - Summary Users with a position that has not been granted system administrative permissions may have permissions to edit their own user object, allowing them to self-assign a user role...
  • ID: FSC31322 Affected Components: Fabasoft Cloud, Fabasoft Folio Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, Basic Score: 10.0 (Critical) Status: Final First published: 13.12.2021 CVEs: CVE-2021-44228 Information on the other Log4j issues CVE-2021-45046 and CVE-2021-45105 can be found at the end of this article. Information A flaw was found in the Java logging...
  • ID: FSC29337 Affected Components: Fabasoft Folio Webservices, Fabasoft Cloud Webservices Severity: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N, Basic Score: 7.3 Status: Final First published: 28.08.2021 CVEs: - Summary By passing malicious content in a parameter to the first request in the Fabasoft Folio web client, an error will be...
  • ID: FSC25088 Affected Components: Fabasoft Folio Client with Fabasoft eGov-Suite Severity: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N, Basic Score: 4.2 (Medium) Status: New First published: 23.11.2020 CVEs: - Summary Running the mail-merge process from within Fabasoft eGov-Suite (which is processed by the locally installed Folio Client), and the user opens...
  • ID: FSC21815 Affected Components: Fabasoft Cloud Client, Fabasoft Folio Client Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L, Basic Score: 8.3 (High) Status: Final First published: 14.05.2020 CVEs: - Summary The Fabasoft Cloud or Fabasoft Folio browser extension uses web messaging to communicate with the Fabasoft Cloud Client or Fabasoft Folio...
  • ID: FSC21814 Affected Components: Fabasoft Cloud Web Services, Fabasoft Folio Web Services Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, Basic Score: 6.5 (Medium) Status: Final First published: 14.05.2020 CVEs: CVE-2018-16323 Summary Due to the vulnerability CVE-2018-16323 in ImageMagick, when converting images and downloading them memory fragments can be leaked via...
  • ID: FSC03839 Affected Components: Fabasoft Folio Severity: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, Basic Score: 8.4 (High) Status: Final First published: 09.05.2016 CVEs: CVE-2016-3714, CVE-2016-3718 Information There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead...
  • Summary This is information regarding a security issue in Oracle Java SE (Standard Edition) and Oracle JRockit. Information An undisclosed vulnerability has been found in Oracle Java SE (Standard Edition) and Oracle JRockit. According to the Oracle Critical Patch Update Advisory - July 2014...
  • ID: - Affected Components: Red Hat Enterprise Linux / CentOS Severity: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, Basic Score: 8.1 (High) Status: Final First published: 19.02.2016 CVEs: CVE-2015-7547 Information The following information was made available by Red Hat concerning this vulnerability: A stack-based buffer overflow was found in the way...
  • ID: Affected Components: Fabasoft Folio on Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012 and R2 Severity: AV:N/AC:L/Au:N/C:C/I:C/A:C, Basic Score: 10.0 (High) Status: Final First published: 15.04.2015 CVEs: CVE-2015-1635 Summary This is information regarding a security issue in the Windows HTTP protocol stack...
  • Summary This is information regarding a security issue in the Unix Bash (Bourne Again Shell) commonly used in Linux environments as well as Mac OS. Information CVE-2014-6271 A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could...
  • Summary This is information regarding a security issue in the OpenSSL library. Notice: This is an urgently released article. Further information may be added, therefore please re-check for information updates. Information A severe programming error has been identified in the OpenSSL library, which affects...
  • Summary A security vulnerability was found in the Fabasoft Portlet for Liferay that can allow cross-site scripting if an attacker modifies the URL in a special way. Information An attacker can exploit this vulnerability to run JavaScript code on the client machine. An...
  • RHEL/CentOS 6.4 and Fabasoft Folio 2013/2014 Update Rollup 3 Update Procedures Summary Due to some changes in the mod_status Apache module, our Fabasoft Folio Web Service had to be modified, thus creating new dependencies that are summarized in this article. Information On 2014-07-23 Red...
  • Information On January 28th 2011 Microsoft released Security Advisory 2501696 concerning an MHTML Script Injection vulnerability in Microsoft Internet Explorer. In the context of this Security Advisory and KB 2501696, Microsoft released a FixIt to address this issue prior to an official hotfix...
  • Summary This is an advisory regarding a security issue in the glibc library, also known as GHOST. Information The following information was made available by Red Hat concerning this vulnerability: A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the...