Folio Client Mailmerge interruption can lead to wrong content (FSC25088)

ID: FSC25088

Affected Components: Fabasoft Folio Client with Fabasoft eGov-Suite

Severity: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N, Basic Score: 4,2 (Medium)

Status: New

First published: 23.11.2020

CVEs: -

Summary

Running the mail-merge process from within Fabasoft eGov-Suite (that is processed by the locally installed Folio Client), and the user opens other Word documents during mail-merge processing, the wrong content could be applied as mail-merge result.

Impact

In the case that the user opens a Word document beneath the mail-merge process, the Folio Client wrongly assumes that the opened document is the result of the mail-merge. The document with wrong content is assigned to the receipient of the mail-merge, and in consequence may be sent to a receipient of the mail-merge. 

The wrongly used content may include personally identifiable or confidential information.

Remediation

Fabasoft is currently in analysis to prevent this situation.  

Workaround

Recommend your users to not open any other Microsoft Word documents as long as the progress bar of the mail-merge is visible. 

Hotfix Information

Currently no hotfix is available.