Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Alfresco Subscribe
Filtered by product Alfresco Content Services
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41790 1 Alfresco 1 Alfresco Content Services 2022-07-12 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.
CVE-2021-41792 1 Alfresco 2 Alfresco Content Services, Alfresco Transform Services 2021-10-27 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.