Описание
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.
Ссылки
- Issue TrackingPermissions RequiredVendor Advisory
- Third Party Advisory
- Issue TrackingPermissions RequiredVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.2.1 (исключая)
cpe:2.3:a:atlassian:alfresco_enterprise_content_management:*:*:*:*:community:*:*:*
EPSS
Процентиль: 80%
0.01446
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-74
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.
EPSS
Процентиль: 80%
0.01446
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-74