CVE-2021-41790

8.8 HIGH

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2

Published: 2021-10-21 · Last updated: 2026-06-17

Severity and scoring

CVSS: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Vendor	Product
alfresco	alfresco_content_services

Description

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41790
[Other]https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md
[Other]https://www.themissinglink.com.au/
[Other]https://github.com/Alfresco/acs-packaging/blob/master/DISCLOSURES.md
[Other]https://www.themissinglink.com.au/

Related CVEs

Same vendor

CVE-2021-41792 — An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services th... (5.3 MEDIUM)
CVE-2021-41791 — An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0 (5.4 MEDIUM)