CVE-2024-29309

EUVD-2024-26321
An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
CISA-ADPADP
7.7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
alfrescoalfresco_content_services
23.3.0.7
ADP
Common Weakness Enumeration
References
https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858
https://gist.github.com/Siebene/c22e1a4a4a8b61067180475895e60858