CVE-2021-41790

Broken access controls in Alfresco Content Services

Discovered by Jack Misiura and Stefano Lanaro on behalf of The Missing Link Security

Vulnerability Details

The attack allows a threat actor with appropriate privileges to bypass access controls around script execution, potentially leading to unintended actions being performed by the web application or privilege escalation.

Affected Versions

5.0.x.x up to (including) 5.2.7.11

6.0.0.x up to (including) 6.0.1.9

6.1.0.x up to (including) 6.1.1.10

6.2.0.x up to (including) 6.2.2.18

7.0, 7.0.0.1, 7.0.0.2, 7.0.1.0 up to (including 7.0.1.2)

Fixed Versions

Either upgrade to Alfresco Content Services 7.1 or install appropriate hotfix for older versions.

Latest News

From Phuket with insight: Celebrating partnership success with Cloudflare

The unseen battle: Why you need secure coding now more than ever

The hidden risks of incomplete cyber security visibility

See All News