OutSystems

Vulnerability RPSFCT-55

    Overview

    OutSystems became aware of vulnerabilities in multiple third-party Java libraries, ranging from Low to Critical in severity. If exploited, these vulnerabilities may allow an attacker to compromise the confidentiality, integrity, and availability of end-user data. OutSystems doesn't have any indication or reason to believe that these vulnerabilities have been exploited in the wild.

    Communication

    To understand the phases involved in the process, and how and when we communicate, check this article. This vulnerability is currently in the embargo phase.

    • Embargo phase: This vulnerability was first published on December 9, 2020.
    • Public disclosure: Full details on this vulnerability were disclosed on March 3, 2021.

    Vulnerability details

    This vulnerability stems from the use of the following libraries, at the listed versions, in the supported OutSystems 10 Java Platform Server versions:

    • Apache Commons Collections 3.2
    • Apache Commons Imaging 0.97
    • Google Core Libraries for Java 11.0.2
    • jackson-databind 2.7.4

    Components & Stacks

    This vulnerability affects OutSystems 10 supported Java Platform Server versions.

    Protecting your OutSystems installation

    OutSystems released Platform Server 10.0.1108.0, which addresses these vulnerabilities. All customers who have yet to update their Platform Server are strongly encouraged to do so.

    Workaround

    There is no workaround. We strongly advise you to update to the above-mentioned version.

    FAQs

    Question: By exploiting this vulnerability can an attacker access my data?
    Answer: Yes. By exploiting this vulnerability, an attacker may have access to the end-user data.

    Question: What do I need to do?
    Answer: Update your OutSystems Platform Server to the above-mentioned version.

    Question: Who can I talk to about this?
    Answer: If you have any questions, contact your Customer Success Manager. If you don’t have one, contact us via our support channels.