For your convenience we continuously update the details below. The list below contains all CVEs that have been assessed for XperienCentral. If you have any questions about vulnerabilities, please get in contact with Customer Service. You can reach them right here.
ID: CVE-2022-31160
Version: None
Affected Component: InterActiveForms
Status: Not vulnerable
Details: InterActiveForms ships jQuery UI 1.13.1, the version in which this CVE is present. Following the announcement of this CVE, GX implemented a patch which fixed the vulnerability. Some scanning tools may therefore still report the vulnerable version number, jQuery UI 1.13.1, but as indicated, the patched build is no longer vulnerable. In addition, an upgrade to a newer version of jQuery is included in the roadmap.
ID: CVE-2024-22243 & CVE-2024-22259
Version: None
Affected Component: Spring-web
Status: Not vulnerable
Details: A vulnerability was recently found in the Spring-web library, specifically in UriComponentsBuilder. XperienCentral does not use this class and is therefore not susceptible to these vulnerabilities.
ID: CVE-2023-50386
Version: None
Affected Component: Solr
Status: Not vulnerable
Details: A bug was recently found in the Solr library, in which a specific endpoint can be exploited. XperienCentral only uses the embedded Solr server and does not expose this endpoint; it is therefore not susceptible to this vulnerability.
ID: CVE-2023-50164
Version: None
Affected Component: Apache Struts
Status: Not vulnerable
Details: A flaw was recently found in the Apache Struts library. XperienCentral is not susceptible to this vulnerability: although Apache Struts is included in the SDK, the version included is not vulnerable to this CVE.
ID: CVE-2023-5129
Version: None
Affected Component: Libwebp
Status: Not vulnerable
Details: A flaw was recently found in the libwebp library, which decodes and encodes WebP image files. Although WebP files can be used in XperienCentral, XperienCentral is not vulnerable to this CVE: it does not use the affected library, but another, Java-based library for reading and writing WebP.
ID: CVE-2023-41080
Version: <R41
Affected Component: Apache Tomcat
Status: Not vulnerable
Details:
A so-called open redirect has been found in Apache Tomcat, potentially allowing an attacker to redirect a user to an attacker-chosen URL. The vulnerability is located in Tomcat's ROOT (default) webapp. With an XperienCentral installation this webapp can generally not be reached, because the Apache HTTPD front-end forwards all requests to Tomcat directly to XperienCentral. On our cloud environments the ROOT/default app is always removed when installing Tomcat. In addition, we will update Tomcat to version 9.0.80, in which this issue has been resolved, during our next round of updates on Tuesday 26 September 2023. If you are responsible for hosting yourself, you can, to be on the safe side, update to Tomcat 9.0.80 or newer. Alternatively, you can delete the ROOT folder, which can be found in
<tomcat install directory>/webapps/ROOT.
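For those hosting XperienCentral themselves, the following POSIX shell script is an added example (not GX Software's own tooling) that checks whether one of the two mitigations described above for CVE-2023-41080 is in place: it extracts the Tomcat version from the output of org.apache.catalina.util.ServerInfo, compares it against 9.0.80, and checks whether webapps/ROOT still exists under the Tomcat base directory. The ServerInfo output and the directory it runs against are constructed sample data; on a real server you would feed it the output of java -cp "$CATALINA_HOME/lib/catalina.jar" org.apache.catalina.util.ServerInfo and your $CATALINA_BASE.

```sh
#!/bin/sh
# Added example, not GX Software's own tooling: verify on a self-hosted
# Tomcat that a mitigation for CVE-2023-41080 is in place, i.e. Tomcat is
# 9.0.80 or newer, or the ROOT webapp has been removed. The ServerInfo
# output and the directory used in the demo below are constructed sample data.

PATCHED_VERSION=9.0.80   # version named in the advisory text above

# version_ge A B: succeed (exit 0) when dotted version A >= B, compared
# component by component as integers; missing components count as 0.
version_ge() {
    v1=$1
    v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        p1=${v1%%.*}
        p2=${v2%%.*}
        if [ "$p1" = "$v1" ]; then v1=""; else v1=${v1#*.}; fi
        if [ "$p2" = "$v2" ]; then v2=""; else v2=${v2#*.}; fi
        p1=${p1:-0}
        p2=${p2:-0}
        if [ "$p1" -gt "$p2" ]; then return 0; fi
        if [ "$p1" -lt "$p2" ]; then return 1; fi
    done
    return 0
}

# tomcat_version_from_serverinfo TEXT: extract e.g. "9.0.78" from the output
# of "java -cp $CATALINA_HOME/lib/catalina.jar org.apache.catalina.util.ServerInfo",
# whose first line reads "Server version: Apache Tomcat/9.0.78".
tomcat_version_from_serverinfo() {
    printf '%s\n' "$1" \
        | sed -n 's|^Server version: *Apache Tomcat/\([0-9][0-9.]*\).*|\1|p' \
        | head -n 1
}

# root_webapp_present CATALINA_BASE: succeed when webapps/ROOT still exists.
root_webapp_present() {
    [ -d "$1/webapps/ROOT" ]
}

# cve_2023_41080_mitigated VERSION CATALINA_BASE: succeed when Tomcat is at
# least the patched version, or when the ROOT webapp has been deleted.
cve_2023_41080_mitigated() {
    if version_ge "$1" "$PATCHED_VERSION"; then
        return 0
    fi
    if root_webapp_present "$2"; then
        return 1
    fi
    return 0
}

# Demo on constructed data: a pre-patch Tomcat with ROOT present, then the
# same server after removing webapps/ROOT as the advisory suggests.
SAMPLE_SERVERINFO='Server version: Apache Tomcat/9.0.78
Server number:  9.0.78.0'

demo_base=$(mktemp -d)
mkdir -p "$demo_base/webapps/ROOT"
demo_version=$(tomcat_version_from_serverinfo "$SAMPLE_SERVERINFO")

printf 'Tomcat %s, ROOT present: ' "$demo_version"
if cve_2023_41080_mitigated "$demo_version" "$demo_base"; then echo mitigated; else echo NOT mitigated; fi

rm -rf "$demo_base/webapps/ROOT"
printf 'Tomcat %s, ROOT removed: ' "$demo_version"
if cve_2023_41080_mitigated "$demo_version" "$demo_base"; then echo mitigated; else echo NOT mitigated; fi

rm -rf "$demo_base"
```

The version comparison is done numerically per component rather than with a string compare, so 9.0.100 correctly ranks above 9.0.80; note that the check only covers the two mitigations this page names, not the separate question of whether a reverse proxy in front of Tomcat exposes the ROOT context.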
Version: <R35
Affected component: Spring Framework
Status: Not vulnerable
Details:
Also known as Spring4Shell. Our product development team has not found any way to exploit this issue in XperienCentral. Nonetheless we have provided a patch to mitigate any risk. For more information, please see Vulnerability in Spring core (Spring4Shell).
ID: CVE-2021-4104
Version: <R35
Affected component: Apache Solr
Status: Not vulnerable
Details:
One of the Log4j vulnerabilities (Log4Shell). XperienCentral has not been found to be vulnerable. In R36 Solr was upgraded to version 8.11.1, which contains fixes for this vulnerability. Solr is also not vulnerable to the follow-up CVEs CVE-2021-45105 and CVE-2021-45046. For more information, please refer to https://solr.apache.org/security.html and Vulnerability in Log4j (Log4Shell).
ID: CVE-2021-44832
Version: <R40
Affected component: Apache Solr
Status: Not vulnerable
Details: XperienCentral is not vulnerable to this CVE.
Version: <R40
Affected component:
- Apache Solr
- Modular Content (<2.0.27)
Status: Not vulnerable
Details:
Also known as Text4Shell.
Apache Solr: Apache Solr does contain a vulnerable version of the Commons Text library but is not vulnerable. For more information, please refer to https://solr.apache.org/security.html
Modular Content: XperienCentral's Modular Content add-on contains a vulnerable version of Commons Text but does not use the affected code. Version 2.0.28 of the add-on contains a fixed version of Commons Text.
ID: CVE-2016-5007
Version: <R40
Affected component: Spring Framework
Status: Not vulnerable
Details:
A vulnerability was discovered in Spring Framework concerning authorization and the mapping of requests to controllers. XperienCentral uses its own authorization and permission-management layer, which protects any functionality built on Spring MVC from use by unauthorized users.
If we come across a new CVE, we will update this list immediately. Keep an eye on this page from time to time to make sure you are as safe as possible. Any questions? You can reach Customer Services right here.