Advisories and Notifications

Description:
Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the Therefore™ Server. If the malicious user gains this impersonation user access, then it is possible for them to access the documents stored in Therefore™. This impersonation is at application level (Therefore access level), not the operating system level.

Affected Versions:
All Therefore™ Online and Therefore™ On-Premises versions.

Remediation/Mitigation:
For Therefore™ Online systems, customers have already been patched. No further action is required from users or administrators.

For Therefore™ On-Premises systems, a hotfix is available to install. We strongly recommend patching all Therefore™ On-Premises systems, regardless of version. We request our customers to please contact your local Canon office or authorized reseller partner for more information.

Please note that Therefore Corporation GmbH resolved this issue by releasing a hotfix on 20 October 2025.

CVE/CVSS:
CVE-2025-11843: Therefore™ Online and Therefore™ On-Premises contains an account impersonation issue, which could potentially allow the attacker to access all the stored data.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Base Score: 8.8.

Canon U.S.A., Inc. has recently become aware that the Canon EOS Webcam Utility Pro for MAC OS contains an improper directory permissions vulnerability. Exploitation of this potential vulnerability requires administrator access by a malicious user. An attacker could modify the directory, potentially resulting in code execution and ultimately leading to privilege escalation.

Whilst we have not received any reports of exploitation, we recommend that you read the security advisory link.

Details of the vulnerability, mitigation and remediation can be found at:

Security Advisory: Vulnerability Mitigation/Remediation for Canon EOS Webcam Utility Pro for MAC OS

A potential issue of the uniqueness of an ID card has been identified in the card readers rebranded by NT-ware (originally developed and provided by rf IDEAS) and published CVE-2024-1578.

Whilst we have not received any reports of exploitation, we recommend that you read the security advisory link.

Details of the vulnerability, mitigation and remediation can be found at:

Security Advisory: Multiple MiCard PLUS card reader dropped characters

A potential susceptibility to compromise in device registration has been identified in uniFLOW Online and published CVE-2024-1621.

Whilst we have not received any reports of exploitation, we recommend that you read the security advisory link.

Details of the vulnerability, mitigation and remediation can be found at:

Security Advisory: Device registration susceptible to compromise

A potential data exposure vulnerability has been identified in uniFLOW Server and uniFLOW Remote Print Server.

Whilst we have not received any reports of exploitation, we recommend that you upgrade your implementation to the latest version.

Details of the vulnerability, mitigation and remediation can be found at:

Security Advisory: MOM Tech Support Vulnerability - NT-ware Support