First published: Fri Sep 06 2019
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g., http, https, ftp, smb).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Alfresco Alfresco | <5.2.6 | |
Alfresco Alfresco | =6.0 | |
Alfresco Alfresco | =6.1 | |
CVE-2019-14223 is a vulnerability in Alfresco Community Edition versions below 5.2.6, 6.0.N, and 6.1.N. It allows an attacker to perform an Open Redirect attack via a crafted POST request.
The severity of CVE-2019-14223 is medium with a CVSS severity score of 6.1.
CVE-2019-14223 affects Alfresco Community Edition versions below 5.2.6, 6.0.N, and 6.1.N.
An attacker can exploit CVE-2019-14223 by manipulating the POST parameters to perform an Open Redirect attack.
To fix CVE-2019-14223, users should update to Alfresco Community Edition version 5.2.6, 6.0.N, or 6.1.N.
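For applications that cannot be upgraded immediately or that implement their own redirects, the check below is an added example (not code from Alfresco or from this advisory) of validating a redirect target taken from request parameters, so that off-site hosts and schemes such as ftp and smb are refused. The host name, fallback path and function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the only host the application may redirect to,
# and the page to use when the requested target is rejected.
ALLOWED_HOSTS = {"share.example.internal"}
FALLBACK = "/share/page/"


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for same-site paths or https URLs on an allowed host."""
    if not target:
        return False
    # Browsers strip control characters and whitespace and treat "\" like "/",
    # so "/\host" or "\thttps://host" can leave the site. Reject them outright.
    if any(ord(c) < 0x21 or c in "\\\x7f" for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a path with a single leading slash.
        # "//host" and "///host" are rejected because browsers read them
        # as protocol-relative URLs.
        return target.startswith("/") and not target.startswith("//")
    # Absolute target: exact scheme match (rejects http, ftp, smb,
    # javascript, ...) and exact host match. parts.hostname ignores any
    # "user@" prefix, so "https://allowed@other.host/" is judged on other.host.
    if parts.scheme != "https":
        return False
    return parts.hostname in allowed_hosts


def resolve_redirect(target):
    """Return the requested target when it is safe, otherwise the fallback."""
    return target if is_safe_redirect(target) else FALLBACK
```
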