Views:
Question:
Is DocuWare Fulltext affected by the CVE-2022-42889 vulnerability?

The vulnerability affects the following file: ...\DocuWare\Full-Text Server (x64)\solr\server\solr-webapp\webapp\WEB-INF\lib\commons-text-1.6.jar.

Answer:
By product design, DocuWare is not affected by this vulnerability as DocuWare does not use the functionality that can be exploited.

KBA is applicable to on-premises Organizations ONLY.
This article is valid for DocuWare versions: 7.6, 7.7, 7.8, 7.9, 7.10, CVE-2022-42889, Fulltext, Vulnerability, SOLR
Comments (2)
  • Pedro E. Gonzalez-Santini
    Mon, 02 Dec 2024 15:49:30 GMT
    Can the file be renamed or deleted or must it be left in place?
  • Pedro E. Gonzalez-Santini
    Fri, 30 Jan 2026 15:08:06 GMT
    DocuWare version 7.11 (as seen in the Presentation VM) shows the 1.10 jar file which does not have the vulnerability as described in https://nvd.nist.gov/vuln/detail/CVE-2022-42889

    That module is not used by DocuWare anyway.