Dom4j Vulnerability (CVE-2018-1000632)

Last Updated: 4/Dec/2018

Products Affected

SVF for Excel 9.0, 9.1, 9.2
RDE Excel Option 9.0, 9.1, 9.2

Description

Dom4j project announced that critical vulnerability (CVE-2018-1000632) exists in dom4j version prior to 2.1.1. For detail, refer to https://nvd.nist.gov/vuln/detail/CVE-2018-1000632.

Impact on SVF Products

SVF for Excel and RDE Excel Option use dom4j indirectly in POI library. For this vulnerability issue, malicious user can include invalid code in your system when mass users output an Excel file in XLSX format. To prevent it, make sure to output your Excel file in XLS format rather than XLSX.

Impact on other WingArc products

We confirmed this vulnerability issue doesn't affect the rest of WingArc products below:

SPA
MotionBoard
Dr. Sum

Articles in this section

Products Affected

Description

Impact on SVF Products

Impact on other WingArc products

Comments

Articles in this section

Products Affected

Description

Impact on SVF Products

Impact on other WingArc products

Related articles