CVE-2021-41790

Published: Oct 21, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.

Affected (8)

Products: Alfresco: Alfresco Content Services

Alfresco

1 product

Alfresco Content Services

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Alfresco Alfresco Content Services	From 5.0.0.0 to 5.2.7.11
Alfresco Alfresco Content Services	From 6.0.0.0 to 6.0.1.9
Alfresco Alfresco Content Services	From 6.1.0.0 to 6.1.1.10
Alfresco Alfresco Content Services	From 6.2.0.0 to 6.2.2.18
Alfresco Alfresco Content Services	From 7.0.1.0 to 7.0.1.2
Alfresco Alfresco Content Services	Version 7.0.0.1
Alfresco Alfresco Content Services	Version 7.0.0.2
Alfresco Alfresco Content Services	Version 7.0

References (4)

https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md

Source: cve@mitre.org

Third Party Advisory

https://www.themissinglink.com.au/

Source: cve@mitre.org

Third Party Advisory

https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.themissinglink.com.au/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.