We have identified a User Portal security issue where a process folder manager could potentially obtain unauthorized read access to a data file of a process, request, or action through non-standard application usage. We strongly recommend that clients that use process folder manager roles upgrade to WorkflowGen version 7.9.1, which includes a fix for this issue, or apply the patch for your version of WorkflowGen (see below).
Note: This security issue is limited to users with process folder manager roles. Administrators, process supervisors, and standard users are not affected by this issue.
This fix is available for the following versions of WorkflowGen. If your version isn’t listed here, please open a support ticket.
Patch installation instructions
-
Download the patch for your version of WorkflowGen and unzip it.
-
Copy and overwrite the
Advantys.Workflow.Processes.Runtime.dllandAdvantys.Workflow.Web.UI.Portal.dllfiles in the\wfgen\binfolder.