CVE-2019-14223
First published: Fri Sep 06 2019(Updated: )
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alfresco Alfresco | <5.2.6 | |
| Alfresco Alfresco | =6.0 | |
| Alfresco Alfresco | =6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14223?
CVE-2019-14223 is a vulnerability in Alfresco Community Edition versions below 5.2.6, 6.0.N, and 6.1.N. It allows an attacker to perform an Open Redirect attack via a crafted POST request.
What is the severity of CVE-2019-14223?
The severity of CVE-2019-14223 is medium with a CVSS severity score of 6.1.
How does CVE-2019-14223 affect Alfresco Community Edition?
CVE-2019-14223 affects Alfresco Community Edition versions below 5.2.6, 6.0.N, and 6.1.N.
How can an attacker exploit CVE-2019-14223?
An attacker can exploit CVE-2019-14223 by manipulating the POST parameters to perform an Open Redirect attack.
Is there a fix for CVE-2019-14223?
To fix CVE-2019-14223, users should update to Alfresco Community Edition version 5.2.6, 6.0.N, or 6.1.N.
- collector/nvd-index
- agent/type
- vendor/alfresco
- canonical/alfresco alfresco
- version/alfresco alfresco/6.0
- version/alfresco alfresco/6.1