Matt Biedronski

**Name of the Vulnerable Software and Affected Versions** ColumbiaSoft Document Locator versions prior to 7.2 SP4 and 2021.1 **Description** A critical vulnerability has been found in ColumbiaSoft Document Locator, affecting an unknown part of the file "/api/authentication/login" of the component WebTools. The manipulation of the `Server` argument leads to improper authentication. It is possible to initiate the attack remotely. **Recommendations** For versions prior to 7.2 SP4, upgrade to version 7.2 SP4 to address this issue. For versions prior to 2021.1, upgrade to version 2021.1 to address this issue. As a temporary workaround, consider restricting access to the "/api/authentication/login" endpoint until a patch is available. Avoid using the `Server` argument in the affected API endpoint until the issue is resolved.