An issue exists in Hyland org.alfresco:alfresco-content-services up to and including 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in malicious user to execute arbitrary code inside a sandboxed environment.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alfresco alfresco content services 7.0.0.2 |
||
alfresco alfresco content services 7.0.0.1 |
||
alfresco alfresco content services 7.0 |
||
alfresco alfresco content services |