CVE-2019-14223

moderate-risk
Published 2019-09-06

An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).

Do I need to act?

!
37.3% chance of exploitation in next 30 days
EPSS score — higher than 63% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (3)

Alfresco
Alfresco
Alfresco

Affected Vendors

Alfresco

References (4)

Vendor Advisory https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestion...
Exploit https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20R...
Vendor Advisory https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestion...
Exploit https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20R...
48
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 16/34 · Moderate
Exposure 9/34 · Low