Headline
CVE-2023-49964: Try Alfresco Content Services Community now
An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873.
Try Alfresco Content Services Community now
Deploy the free & open source edition of ACS
NewVersion (7.4.0) - Released May 2023****
This online trial offers the quickest and easiest way to experience the simplicity and power of Alfresco Content Services (v7.4) and Alfresco Governance Services (7.4). No install required.
- Use Alfresco Digital Workspace to manage files and declare records.
- Pre-populated with sites, content and simple workflows to help you experience the breadth of Alfresco.
- Create automated rules to speed up record declaration and filing.
Easily invite colleagues to try rich collaboration and records management features.
By accessing Alfresco trial software, you have read and agreed to the terms of the software license agreement
Alfresco Community Edition
Oh no! We’re unable to display this form.
Please check that you’re not running an adblocker and if you are please whitelist alfresco.com.
If you’re still having problems please drop us an email.
Loading