CVE-2021-41790

Broken access controls in Alfresco Content Services

Discovered by Jack Misiura and Stefano Lanaro on behalf of The Missing Link Security

Vulnerability Details

The attack allows a threat actor with appropriate privileges to bypass access controls around script execution, potentially leading to unintended actions being performed by the web application or privilege escalation.

Affected Versions

5.0.x.x up to (including) 5.2.7.11

6.0.0.x up to (including) 6.0.1.9

6.1.0.x up to (including) 6.1.1.10

6.2.0.x up to (including) 6.2.2.18

7.0, 7.0.0.1, 7.0.0.2, 7.0.1.0 up to (including 7.0.1.2)

Fixed Versions

Either upgrade to Alfresco Content Services 7.1 or install appropriate hotfix for older versions.

Latest News

5 Microsoft Power Platform Benefits That Will Transform Your Business

5 Key Takeaways from Early Adopters of Microsoft 365 Copilot

The Missing Link is recognised as Premier Service Delivery Partner by Netskope

See All News