Affected Components: Fabasoft Cloud Web Services, Fabasoft Folio Web Services
Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, Basic Score: 6,5 (Medium)
First published: 14.05.2020
Due to the vulnerability CVE-2018-16323 in ImageMagick when converting images and downloading them memory fragments can be leaked via the image data
By repeated downloading converted images an attacker can read parts of the memory of a Fabasoft Web Service that may contain sensitive information.
Fixed with following versions of the Fabasoft Cloud or Fabasoft Folio:
- Fabasoft Cloud Version 2020 June Release (Version 20.3.1)
- Fabasoft Folio Version 2021 (Version 21.1.0)