Comala Document Management Security Advisory 2020-10-14

This advisory discloses a security vulnerability found and fixed in Comala Document Management. We recommend upgrading Comala Document Management to the latest supported version.

Affected Versions

The vulnerability affects Comala Document Management 6.10.0 → 6.12.2

The 6.12.3 release contains a fix for the issue mentioned below.

Versions prior to 6.10.0 are not affected.

SQL Injection Vulnerability

Severity

Comalatech rates the severity of these issues as High according to the published Atlassian Security Levels. We have ranked the vulnerability as high because:

The vulnerability is difficult to exploit - Confluence Administrator privileges are required
Exploitation could result in a significant data loss or downtime.

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

We have fixed a SQL Injection vulnerability in Comala Document Management. The vulnerability could allow a privileged user to have full access to the Confluence database.

Risk Mitigation

Sites running Comala Document Management 6.10.0-6.12.2 are recommend to upgrade to Comala Document Management to 6.12.3

If upgrading immediately is not possible, you can limit the number of users that have the ability to exploit the vulnerabilities by restricting Confluence Administrator privileges to trusted users.

Comala Document Management for Data Center and Server

This site has moved to the integrated Appfire documentation and information site for our apps.