Vulnerabilities for 'Alfresco content services'

2021-10-21
 
CVE-2021-41790

CWE-668
 

 
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.

 
 
CVE-2021-41792

CWE-918
 

 
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.

 

Vendor: Alfresco (7 products)
Alfresco
Community edition
Reset password
Alfresco content services
Alfresco transform services
Community share
Share


Copyright 2021, cxsecurity.com

 
