Security Bulletin: HCL Domino is affected by an XML External Entity (XXE) vulnerability

According to a security bulletin from HCL, there is a possible way for attackers to carry out an injection attack.

The complete consequences are explained in this official statement.

There are two ways to get this issue fixed:
1. opening a case at HCL Support and requesting a fix
2. adding the following NOTES.INI settings on the server and on your clients, e.g. via Desktop Settings or Marvel Client, as a workaround:
>> FT_INDEX_IGNORE_ATTACHMENT_TYPES=*.pdf
>> FT_INDEX_ATTACHMENTS=1
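
One way to verify that the workaround actually reached a given server or client, as an added example that is not part of the original post or of HCL's bulletin: a small Python audit of NOTES.INI content for the two settings above. The case-insensitive key matching, the comma-separated ignore list and the sample files are assumptions made for this example.

```python
# Added example: audit NOTES.INI content for the two workaround settings.
# Assumptions (not from the bulletin): keys are compared case-insensitively,
# the ignore list may hold several comma-separated patterns, and a key that
# appears more than once is reported rather than resolved.

REQUIRED = {
    "FT_INDEX_IGNORE_ATTACHMENT_TYPES": "*.pdf",
    "FT_INDEX_ATTACHMENTS": "1",
}

def parse_notes_ini(text):
    """Return {UPPERCASE_KEY: [values...]} for every KEY=VALUE line."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if "=" not in line:
            continue  # section header such as [Notes], blank or malformed line
        key, _, value = line.partition("=")
        settings.setdefault(key.strip().upper(), []).append(value.strip())
    return settings

def audit(text):
    """Return a list of findings; an empty list means the workaround is set."""
    settings = parse_notes_ini(text)
    findings = []
    for key, wanted in REQUIRED.items():
        values = settings.get(key, [])
        if not values:
            findings.append(f"{key} is missing")
            continue
        if len(values) > 1:
            findings.append(f"{key} is set {len(values)} times")
        for value in values:
            items = [v.strip().lower() for v in value.split(",")]
            if wanted not in items:
                findings.append(f"{key}={value} lacks {wanted}")
    return findings

# Constructed sample files, not taken from a real system.
SAMPLE_OK = ("[Notes]\nDirectory=/local/notesdata\n"
             "ft_index_ignore_attachment_types=*.zip,*.PDF\n"
             "FT_INDEX_ATTACHMENTS=1\n")
SAMPLE_BAD = "[Notes]\nFT_INDEX_ATTACHMENTS=0\nFT_INDEX_ATTACHMENTS=1\n"

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit(text) or "workaround present")
```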

To see whether you need to take any action, go through this list:
For 145FP1 -> No action required
For 145 -> Apply 145FP1
For 14 -> Apply 14.0FP4IF1.
For 1202 -> No fix available yet.
For Notes 14.0 -> A fix is planned for 14.0 Fix Pack 5

Please take a look at the Knowledge Base entry KB0124451.


