ABBYY confirms that the vulnerability was detected in FlexiCapture 12 Release 2 during the penetration testing.

The official Release Notes document for FlexiCapture 12 Release 2 Update 6 contains information that this issue was discovered and is fixed with Update 6.

Note that this vulnerability is detected at the monitoring application, a component of FlexiCapture that is not intended to be published on the Internet, available only to internal users – that means for a user to get access to monitoring application, she needs first to get access to internal network and pass through authentication and authorization procedures. Therefore, ABBYY does not consider this vulnerability to be critical, because it is hard to utilize.

The issue is fixed in FlexiCapture 12 Release 2 Update 6. The penetration testing is conducted by NCC Group. We recommend using the latest update of the product.