Folio Client Mailmerge interruption can lead to wrong content (FSC25088)

Last update: 12 February 2021

ID: FSC25088

Affected Components: Fabasoft Folio Client with Fabasoft eGov-Suite

Severity: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N, Base Score: 4.2 (Medium)

Status: New

First published: 23.11.2020

CVEs: -

Summary

When a mail merge is started from within Fabasoft eGov-Suite (and processed by the locally installed Folio Client) and the user opens other Word documents while the mail merge is running, the wrong content could be applied as the mail-merge result.

Impact

If the user opens a Word document while the mail-merge process is running, the Folio Client wrongly assumes that the opened document is the result of the mail merge. The document with the wrong content is assigned to the recipient of the mail merge and, as a consequence, may be sent to a recipient of the mail merge.

The wrongly used content may include personally identifiable or confidential information.

Remediation

Fabasoft has fixed the issue. A hotfix is available for Fabasoft Folio versions listed in the hotfix section. 

The fix requires updating the Fabasoft Folio Client on the client machines. No update of other services is required.

Workaround

As long as the Fabasoft Folio Client has not been updated to the build numbers mentioned below, advise your users not to open any other Microsoft Word documents while the progress bar of the mail merge is visible.

Hotfix Information

Fabasoft has fixed this issue in the following Fabasoft Folio / Fabasoft eGov-Suite versions:

  • Fabasoft Folio 2021 (from Folio Client version 21.1.0.76)
  • Fabasoft Folio 2020 Update Rollup 4 (from Folio Client version 20.1.4.50)
  • Fabasoft Folio 2019 Update Rollup 3 (from Folio Client version 19.2.3.175)
  • Fabasoft Folio 2017 R1 (from Kit 17.4.0.73 / from Folio Client version 17.4.7.114)
  • Fabasoft Folio 2017 R1 UR7 (from Folio Client version 17.4.7.114)
  • Fabasoft Folio 2016 Update Rollup 7 (from Kit 16.0.11.77 / from Folio Client version 16.0.11.77)
  • and all major releases and Update Rollups above the mentioned versions.
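
The following is an added example, not Fabasoft code: a small audit that checks a client inventory against the Folio Client builds listed above. It assumes the first component of the client version identifies the release line; the CSV layout, host names and sample versions are constructed for illustration.

```python
import csv
import io

# Minimum fixed Folio Client builds from the hotfix list, keyed by major version.
# Assumption: the first version component identifies the release line.
FIXED_BUILDS = {
    21: (21, 1, 0, 76),
    20: (20, 1, 4, 50),
    19: (19, 2, 3, 175),
    17: (17, 4, 7, 114),
    16: (16, 0, 11, 77),
}

def parse_version(text):
    """Parse a four-part version such as '20.1.4.50' into a tuple of ints."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError("expected four numeric components")
    return parts

def classify(version_text):
    """Return 'fixed', 'needs-update', 'unlisted' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    major = version[0]
    if major > max(FIXED_BUILDS):
        return "fixed"          # newer major releases include the fix
    fixed = FIXED_BUILDS.get(major)
    if fixed is None:
        return "unlisted"       # release line not named here: check manually
    return "fixed" if version >= fixed else "needs-update"

def audit(inventory_csv):
    """Map each host in a 'host,client_version' CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["client_version"]) for row in rows}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """host,client_version
ws-001,21.1.0.76
ws-002,20.1.4.49
ws-003,17.4.7.100
ws-004,15.0.2.10
ws-005,not-installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as needs-update are the ones where the workaround still applies until the client is updated.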