cbcvebase.
CVE-2019-14223
published 2019-09-06


Priority: P1 79
CVSS 3.1 base score: 6.1 (medium)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploited in the wild (VulnCheck KEV)
EPSS: 4.47% (90.3rd percentile)
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g., http, https, ftp, smb, etc.).

Affected

3 ranges

Vendor     Product    Version range   Fixed in
alfresco   alfresco   < 5.2.6         5.2.6
alfresco   alfresco
alfresco   alfresco

Detection & IOCs (extracted from sources)

URL: /share/page/dologin
  • Detect exploit attempts by monitoring POST requests to /share/page/dologin where the 'failure' parameter contains a backslash or external domain (e.g., :\<domain>), indicating an open redirect payload.
  • The exploit uses Content-Type: application/x-www-form-urlencoded in the POST request to /share/page/dologin; correlate this with anomalous 'failure' parameter values pointing to external hosts.
  • Affected versions are Alfresco Community Edition below 5.2.6, 6.0.N, and 6.1.N. Detection rules should be scoped to these versions to reduce false positives.
  • The open redirect can abuse any protocol (http, https, ftp, smb, etc.) via the 'failure' POST parameter, so detection logic must not be limited to HTTP/HTTPS redirect schemes.
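As an added illustration (not from this advisory, NVD, VulnCheck or Alfresco), a Python routine that applies the detection points above to constructed access-log records: only form-encoded POSTs to /share/page/dologin are inspected, and a 'failure' value is flagged when it carries a backslash, is scheme-relative, or names an external host under any scheme. The pipe-delimited log format, the trusted host name and the sample entries are assumptions made for the example.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/share/page/dologin"
FORM_CT = "application/x-www-form-urlencoded"
TRUSTED_HOSTS = {"share.example.internal"}  # assumed: the Share front-end's own host


@dataclass
class Alert:
    timestamp: str
    failure: str
    reason: str


def classify_failure(value, trusted_hosts):
    """Return why a 'failure' value looks like an external redirect target, or None."""
    v = value.strip()
    if "\\" in v:                      # e.g. ':\<domain>' as noted in the advisory
        return "backslash in redirect target"
    if v.startswith("//"):             # scheme-relative URL inherits the page's scheme
        return "scheme-relative URL"
    parts = urlsplit(v)                # any scheme counts: http, https, ftp, smb, ...
    if parts.scheme or parts.netloc:
        if (parts.hostname or "").lower() not in trusted_hosts:
            return f"external target via scheme '{parts.scheme or 'none'}'"
    return None                        # relative path such as /share/page?error=true


def scan_log(lines, trusted_hosts):
    """Constructed log format: timestamp|method|path|content-type|url-encoded body."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, method, path, ctype, body = line.strip().split("|", 4)
        if method != "POST" or path != TARGET_PATH or ctype != FORM_CT:
            continue
        for failure in parse_qs(body).get("failure", []):   # parse_qs percent-decodes
            reason = classify_failure(failure, trusted_hosts)
            if reason:
                alerts.append(Alert(ts, failure, reason))
    return alerts


# Constructed sample records: one benign login, one unrelated GET, three redirect attempts.
SAMPLE_LOG = """\
2019-09-06T10:00:01Z|POST|/share/page/dologin|application/x-www-form-urlencoded|username=alice&success=%2Fshare%2Fpage%2F&failure=%2Fshare%2Fpage%3Ferror%3Dtrue
2019-09-06T10:00:02Z|GET|/share/page/|text/html|
2019-09-06T10:00:03Z|POST|/share/page/dologin|application/x-www-form-urlencoded|username=bob&success=%2Fshare%2Fpage%2F&failure=https%3A%2F%2Fattacker.example%2F
2019-09-06T10:00:04Z|POST|/share/page/dologin|application/x-www-form-urlencoded|username=carol&success=%2Fshare%2Fpage%2F&failure=%3A%5Cattacker.example
2019-09-06T10:00:05Z|POST|/share/page/dologin|application/x-www-form-urlencoded|username=dave&success=%2Fshare%2Fpage%2F&failure=smb%3A%2F%2Fattacker.example%2Fshare
"""

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG.splitlines(), TRUSTED_HOSTS):
        print(a.timestamp, repr(a.failure), a.reason)
```

Scope the rule to the affected Alfresco versions, as the advisory notes, before relying on it in production.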

CVSS provenance

NVD (v3.1): 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD (v2.0): 5.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:N
VulnCheck: 6.1 MEDIUM