First published: Thu Sep 05 2019(Updated: )
An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr configuration files and then receive a JMX connection from the victim, and serve a Java object that results in deserialization and code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Alfresco Alfresco | =5.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-14224 is a vulnerability in Alfresco Community Edition 5.2 that allows an attacker to achieve remote code execution by leveraging multiple components in the software.
CVE-2019-14224 has a severity rating of 7.2 (critical).
An attacker can exploit CVE-2019-14224 by uploading malicious Solr configuration files and leveraging multiple components in the Alfresco Software applications.
The affected software for CVE-2019-14224 is Alfresco Community Edition 5.2.
Yes, a fix for CVE-2019-14224 is available. It is recommended to update to a patched version of Alfresco Community Edition.