7.0.0.2

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

alfresco

NVD

Published: 2021-10-21

Updated: 2022-07-12

Summary

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.

Vulnerable Configurations

Part	Description	Count
Application	Alfresco Alfresco Alfresco Content Services 7.0.0.2 Alfresco Alfresco Content Services 7.0.0.1 Alfresco Alfresco Content Services 7.0 Alfresco Alfresco Content Services *	4

References

https://www.themissinglink.com.au/
https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md