Vulnerabilities > Alfresco

DATE CVE VULNERABILITY TITLE RISK
2019-09-06 CVE-2019-14223 Open Redirect vulnerability in Alfresco
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N.
network
alfresco CWE-601
5.8
2019-09-05 CVE-2019-14224 Deserialization of Untrusted Data vulnerability in Alfresco 5.2
An issue was discovered in Alfresco Community Edition 5.2 201707.
network
low complexity
alfresco CWE-502
critical
9.0
2019-09-05 CVE-2019-14222 Key Management Errors vulnerability in Alfresco
An issue was discovered in Alfresco Community Edition versions 6.0 and lower.
network
low complexity
alfresco CWE-320
7.5
2019-08-26 CVE-2019-15566 SQL Injection vulnerability in Alfresco
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.
network
low complexity
alfresco CWE-89
7.5
2015-04-21 CVE-2015-3366 Cross-Site Request Forgery (CSRF) vulnerability in Alfresco 6.X1.2
Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors.
network
alfresco CWE-352
5.8
2014-12-07 CVE-2014-9302 Remote Security vulnerability in Community Edition
Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter.
network
low complexity
alfresco
5.0
2014-12-07 CVE-2014-9301 Remote Security vulnerability in Alfresco 4.2.F
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.
network
low complexity
alfresco
6.4
2014-12-07 CVE-2014-9300 Cross-Site Request Forgery (CSRF) vulnerability in Alfresco 4.2.F/5.0.A
Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter.
network
alfresco CWE-352
6.8
2014-06-02 CVE-2014-2939 Cross-Site Scripting vulnerability in Alfresco 4.1.6
Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit.
network
alfresco CWE-79
4.3