- Vulnerability/
- CVE-2019-14224
CVE-2019-14224
First published: Thu Sep 05 2019(Updated: )
An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr configuration files and then receive a JMX connection from the victim, and serve a Java object that results in deserialization and code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alfresco Alfresco | =5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14224?
CVE-2019-14224 is a vulnerability in Alfresco Community Edition 5.2 that allows an attacker to achieve remote code execution by leveraging multiple components in the software.
How severe is CVE-2019-14224?
CVE-2019-14224 has a severity rating of 7.2 (critical).
How can an attacker exploit CVE-2019-14224?
An attacker can exploit CVE-2019-14224 by uploading malicious Solr configuration files and leveraging multiple components in the Alfresco Software applications.
What is the affected software for CVE-2019-14224?
The affected software for CVE-2019-14224 is Alfresco Community Edition 5.2.
Is there a fix available for CVE-2019-14224?
Yes, a fix for CVE-2019-14224 is available. It is recommended to update to a patched version of Alfresco Community Edition.
- collector/nvd-index
- vendor/alfresco
- product/alfresco
- canonical/alfresco alfresco