CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes. Xerox issued a fix for two vulnerabilities impacting its market-leading DocuShare enterprise document management platform. The bugs, if exploited, could expose DocuShare users to an attack resulting in the loss of sensitive data. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) issued a security bulletin urging users and administrators to apply a patch that plugged two security holes in recently released versions (6.6.1, 7.0, and 7.5) of Xerox’s DocuShare. The vulnerability is rated important. Tracked as CVE-2020-27177, Xerox said the vulnerabilities open Solaris, Linux, and Windows DucuShare users up to both a server-side request forgery (SSRF) attack and an unauthenticated external XML entity injection attack (XXE). Xerox issued its security advisory (XRX20W) on November 30.
More information: https://threatpost.com/xerox-docushare-bugs/161791/
Experts Comments
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Linkedin Message
@Jamie Akhtar, CEO and Co-founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Organisations should implement temporary mitigation procedures until a permanent solution is offered...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-xerox-docushare-bugs-allow-data-leaks
Facebook Message
@Jamie Akhtar, CEO and Co-founder, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Organisations should implement temporary mitigation procedures until a permanent solution is offered...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-on-xerox-docushare-bugs-allow-data-leaks