Xerox released a fix for two vulnerabilities in regards to DocuShare, their document management platform. If these bugs were exploited they could have made DocuShare users vulnerable to a malicious attack resulting in sensitive data loss. Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) issued a security bulletin to alert users and administrators to urgently apply a patch which would plug two security holes in the recently released versions (6.6.1, 7.0, and 7.5) of Xerox’s DocuShare.
The vulnerability has been rated important due to the potential detrimental impact it could have on users who are affected. However, Xerox has not shared the specifics of the bugs or any of the possible attack scenarios, but they did offer links to hotfix to help tarball files addressing bugs in affected versions of Solaris, Linux and Windows DocuShare.