Vulnerability Details CVE-2021-41792
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to the attacker, i.e., this is blind SSRF.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.3%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
Products affected by CVE-2021-41792
- cpe:2.3:a:alfresco:alfresco_content_services:*
- cpe:2.3:a:alfresco:alfresco_content_services:6.0.0.6
- cpe:2.3:a:alfresco:alfresco_content_services:6.0.1.7
- cpe:2.3:a:alfresco:alfresco_content_services:6.0.1.8
- cpe:2.3:a:alfresco:alfresco_content_services:6.0.1.9
- cpe:2.3:a:alfresco:alfresco_content_services:6.1.1.10
- cpe:2.3:a:alfresco:alfresco_content_services:6.1.1.8
- cpe:2.3:a:alfresco:alfresco_content_services:6.1.1.9
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.0.7
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.1.4
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.1.5
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.10
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.11
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.12
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.13
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.14
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.15
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.16
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.17
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.18
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.4
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.5
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.6
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.7
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.8
- cpe:2.3:a:alfresco:alfresco_content_services:6.2.2.9
- cpe:2.3:a:alfresco:alfresco_transform_services:*