This site has moved to the integrated Appfire documentation and information site for our apps.

From February 2024 this site is no longer updated.

Take a look here! If you have any questions please email support@appfire.com

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

This advisory discloses a security vulnerability found and fixed in Comala Document Management.  We recommend upgrading Comala Document Management to the latest supported version.

Affected Versions

The vulnerability affects Comala Document Management 6.10.0 → 6.12.2

The 6.12.3 release contains a fix for the issue mentioned below.

Versions prior to 6.10.0 are not affected.

SQL Injection Vulnerability

Severity

Comalatech rates the severity of these issues as High according to the published Atlassian Security LevelsWe have ranked the vulnerability as high because:

  • The vulnerability is difficult to exploit - Confluence Administrator privileges are required
  • Exploitation could result in a significant data loss or downtime.

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

We have fixed a SQL Injection vulnerability in Comala Document Management. The vulnerability could allow a privileged user to have full access to the Confluence database.

Risk Mitigation

Sites running Comala Document Management 6.10.0-6.12.2 are recommend to upgrade to Comala Document Management to 6.12.3

If upgrading immediately is not possible, you can limit the number of users that have the ability to exploit the vulnerabilities by restricting Confluence Administrator privileges to trusted users.

  • No labels