NotCVE - vendor:"Alfresco" product:"Alfresco Content Services" version:" >= 6.1.1.0 <= 6.1.1.10"

3 results (0.002 seconds)

CVSS: 9.0EPSS: 5%CPEs: 1EXPL: 1

CVE-2023-49964

https://notcve.org/view.php?id=CVE-2023-49964

11 Dec 2023 — An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873. Se descubrió un problema en Hyland Alfresco Community Edition hasta 7.2.0. Al insertar contenido malicioso en el archi... • https://github.com/mbadanoiu/CVE-2023-49964 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-41792

https://notcve.org/view.php?id=CVE-2021-41792

21 Oct 2021 — An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF. Se ha detectado un problema en Hyland org.alfresco:alfresco-content-services versiones hasta 6.2.2.18 y org.alfresco:alfresco-transform-services versiones hasta 1.3. Un archi... • https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2021-41790

https://notcve.org/view.php?id=CVE-2021-41790

21 Oct 2021 — An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment. Se ha detectado un problema en Hyland org.alfresco:alfresco-content-services versiones hasta 7.0.1.2. La ejecución de acciones de script permite ejecutar scripts cargados fuera del diccionario de datos. • https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md •