CVSS: 7.7EPSS: 1%CPEs: 1EXPL: 0CVE-2024-29309
https://notcve.org/view.php?id=CVE-2024-29309
02 May 2024 — An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service. Un problema en Alfresco Content Services v.23.3.0.7 permite a un atacante remoto ejecutar código arbitrario a través del Servicio de Transferencia. • https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-41792
https://notcve.org/view.php?id=CVE-2021-41792
21 Oct 2021 — An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF. Se ha detectado un problema en Hyland org.alfresco:alfresco-content-services versiones hasta 6.2.2.18 y org.alfresco:alfresco-transform-services versiones hasta 1.3. Un archi... • https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-41790
https://notcve.org/view.php?id=CVE-2021-41790
21 Oct 2021 — An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment. Se ha detectado un problema en Hyland org.alfresco:alfresco-content-services versiones hasta 7.0.1.2. La ejecución de acciones de script permite ejecutar scripts cargados fuera del diccionario de datos. • https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md •