CVE-2021-41790

More information about this CVE will likely be available in a few days.

Description

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.

Related CPE's

Could not find any relations

References

https://www.themissinglink.com.au/

https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io