CVE-2021-41792
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.
SSVC
- Decision:-
Timeline
- 2021-09-29 CVE Reserved
- 2021-10-21 CVE Published
- 2024-07-06 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md | Third Party Advisory | |
https://www.themissinglink.com.au | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Alfresco | Alfresco Content Services | >= 5.0.0.0 <= 5.2.7.11 | - | Affected |
Alfresco | Alfresco Content Services | >= 6.0.0.0 <= 6.0.1.9 | - | Affected |
Alfresco | Alfresco Content Services | >= 6.1.1.0 <= 6.1.1.10 | - | Affected |
Alfresco | Alfresco Content Services | >= 6.2.0.0 <= 6.2.2.18 | - | Affected |
Alfresco | Alfresco Transform Services | <= 1.3 | - | Affected |