PT-2023-32362 · Columbiasoft · Columbiasoft Document Locator

Matt Biedronski +2 · Published 2023-10-27 · Updated 2025-03-14 · CVE-2023-5830

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ColumbiaSoft Document Locator versions prior to 7.2 SP4 and 2021.1

Description

A critical vulnerability has been found in ColumbiaSoft Document Locator, affecting an unknown part of the file "/api/authentication/login" of the component WebTools. The manipulation of the Server argument leads to improper authentication. It is possible to initiate the attack remotely.

Recommendations

For versions prior to 7.2 SP4, upgrade to version 7.2 SP4 to address this issue. For versions prior to 2021.1, upgrade to version 2021.1 to address this issue. As a temporary workaround, consider restricting access to the "/api/authentication/login" endpoint until a patch is available. Avoid using the Server argument in the affected API endpoint until the issue is resolved.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-5830

Affected Products

Columbiasoft Document Locator