Vulnerability CVE-2019-14222


Published: 2019-09-05   Modified: 2019-09-06

Description:
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface.

Type:

CWE-320

(Key Management Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Alfresco -> Alfresco 

 References:
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14222-Default%20Certificate-Alfresco%20Community

Copyright 2022, cxsecurity.com

 

Back to Top