10 matches found
CVE-2024-29309
An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service...
CVE-2024-29309
An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service...
CVE-2024-29309
An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service...
PT-2024-22855 · Alfresco · Alfresco Content Services
Name of the Vulnerable Software and Affected Versions: Alfresco Content Services version 23.3.0.7 Description: An issue in Alfresco Content Services allows a remote attacker to execute arbitrary code via the Transfer Service. Recommendations: For Alfresco Content Services version 23.3.0.7, consid...
CVE-2024-29309
CVE-2024-29309 affects Alfresco Content Services v23.3.0.7, where the Transfer Service enables remote code execution. Impact: attacker can execute arbitrary code remotely over the network with no user interaction. Root cause: vulnerability in the Transfer Service component. Mitigation/workaround:...
CVE-2024-29309
An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service...
CVE-2021-41790
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment...
Server side request forgery (ssrf)
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to...
CVE-2021-41792
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to...
CVE-2021-41790
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment...