CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes. Xerox issued a fix for two vulnerabilities impacting its market-leading DocuShare enterprise document management platform. The bugs, if exploited, could expose DocuShare users to an attack resulting in the loss of sensitive data. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) issued a security bulletin urging users and administrators to apply a patch that plugged two security holes in recently released versions (6.6.1, 7.0, and 7.5) of Xerox’s DocuShare. The vulnerability is rated important. Tracked as CVE-2020-27177, Xerox said the vulnerabilities open Solaris, Linux, and Windows DucuShare users up to both a server-side request forgery (SSRF) attack and an unauthenticated external XML entity injection attack (XXE). Xerox issued its security advisory (XRX20W) on November 30.
More information: https://threatpost.com/xerox-docushare-bugs/161791/
Experts Comments
Linkedin Message
@Niamh Muldoon, Senior Director of Trust and Security EMEA, provides expert commentary at @Information Security Buzz.
"Security Automation is hugely beneficial to delivering quick responses to reduce risk exposure. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-xerox-docushare-bugs-allow-data-leaks
Facebook Message
@Niamh Muldoon, Senior Director of Trust and Security EMEA, provides expert commentary at @Information Security Buzz.
"Security Automation is hugely beneficial to delivering quick responses to reduce risk exposure. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-xerox-docushare-bugs-allow-data-leaks
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Jamie Akhtar, CEO and Co-founder, provides expert commentary at @Information Security Buzz.
"Organisations should implement temporary mitigation procedures until a permanent solution is offered...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-xerox-docushare-bugs-allow-data-leaks
Facebook Message
@Jamie Akhtar, CEO and Co-founder, provides expert commentary at @Information Security Buzz.
"Organisations should implement temporary mitigation procedures until a permanent solution is offered...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-xerox-docushare-bugs-allow-data-leaks