Articles in this section

See more

Dom4j Vulnerability (CVE-2018-1000632)

Avatar
GSS Japan
  • Updated
Follow

Last Updated: 4/Dec/2018

Products Affected

  • SVF for Excel 9.0, 9.1, 9.2
  • RDE Excel Option 9.0, 9.1, 9.2

Description

Dom4j project announced that critical vulnerability (CVE-2018-1000632) exists in dom4j version prior to 2.1.1. For detail, refer to https://nvd.nist.gov/vuln/detail/CVE-2018-1000632.

Impact on SVF Products

SVF for Excel and RDE Excel Option use dom4j indirectly in POI library. For this vulnerability issue, malicious user can include invalid code in your system when mass users output an Excel file in XLSX format. To prevent it, make sure to output your Excel file in XLS format rather than XLSX.

Impact on other WingArc products

We confirmed this vulnerability issue doesn't affect the rest of WingArc products below: 

  • SPA
  • MotionBoard
  • Dr. Sum 

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk