Alfresco Content Services
Approved changes feed: RSS · Atom
cpe:2.3:a:hyland:alfresco_content_services:*:*:*:*:community:*:*:*
part: a version: * update: *
| Vendor | Hyland (4cbf6081-43e8-5c1e-b8e8-d0a0dad432d9) |
|---|---|
| Product | Alfresco Content Services (bd5fa5e0-b5ca-5675-b47f-ba70fa1e89e0) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-26336 |
vulnerable | 2026-06-03 15:18:05.553573 |
Hyland Alfresco Improper Authorization Arbitrary File Read
HIGH (7.5)
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
Published: 2026-02-19T15:56:25.781Z
Updated: 2026-05-11T23:11:19.969Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-49964 |
vulnerable | 2026-06-03 14:53:26.822371 |
Details available
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.
Published: 2023-12-11T00:00:00.000Z
Updated: 2024-08-02T22:09:49.648Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.