On October 13, 2022, a vulnerability has been identified in the open source component "Apache Commons Text" (Text4Shell). Therefore, it was recommended to update it to version 1.10.0. For detailed information on the vulnerability, see the article CVE 2022-42889.
Even though AEB applications are generally not affected by the vulnerability, for security reasons the component has already been updated to the latest version with the October service pack.
AEB applications can include the library and use the component for local PDF/XFA preparation so that no external access can occur. However, this may lead to reports from internal vulnerability scanners, even if the vulnerability cannot be exploited.
AEB has therefore already provided patches for cloud applications in the data center and ASSIST4 applications that have integrated the library with the October 2022 service pack.
If you operate an AEB application as an on-premise installation in your own data center, it is recommended to keep it up to date.
Comments
Please sign in to leave a comment.