CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-41790

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md
https://www.themissinglink.com.au/
https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md
https://www.themissinglink.com.au/

Products affected by CVE-2021-41790

Alfresco » Alfresco Content Services » Version: Any

cpe:2.3:a:alfresco:alfresco_content_services:*
Alfresco » Alfresco Content Services » Version: 7.0

cpe:2.3:a:alfresco:alfresco_content_services:7.0
Alfresco » Alfresco Content Services » Version: 7.0.0.1

cpe:2.3:a:alfresco:alfresco_content_services:7.0.0.1
Alfresco » Alfresco Content Services » Version: 7.0.0.2

cpe:2.3:a:alfresco:alfresco_content_services:7.0.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41790

Products

Pricing

Contact Us