A vulnerability classified as problematic has been found in Schweizerische Steuerkonferenz Library taxstatement.jar 2.2.2/2.2.4 on Windows. Affected is the function
DocumentBuilder
of the component PDF Handler. The manipulation leads to xml external entity reference.
This vulnerability is traded as CVE-2024-8602. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.