8.8

CVE-2021-41790

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AlfrescoAlfresco Content Services SwEditionenterprise Version >= 5.0.0.0 <= 5.2.7.11
AlfrescoAlfresco Content Services SwEditionenterprise Version >= 6.0.0.0 <= 6.0.1.9
AlfrescoAlfresco Content Services SwEditionenterprise Version >= 6.1.0.0 <= 6.1.1.10
AlfrescoAlfresco Content Services SwEditionenterprise Version >= 6.2.0.0 <= 6.2.2.18
AlfrescoAlfresco Content Services SwEditionenterprise Version >= 7.0.1.0 <= 7.0.1.2
AlfrescoAlfresco Content Services Version7.0 SwEditionenterprise
AlfrescoAlfresco Content Services Version7.0.0.1 SwEditionenterprise
AlfrescoAlfresco Content Services Version7.0.0.2 SwEditionenterprise
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.42% 0.694
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md
Third Party Advisory
https://www.themissinglink.com.au/
Third Party Advisory