CVE-2014-9300

Name of the Vulnerable Software and Affected Versions Alfresco Community Edition versions prior to 5.0.a

Description A cross-site request forgery (CSRF) issue exists in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) that allows remote attackers to hijack user authentication for unauthorized URL access and potentially obtain user credentials via a URL in the url parameter.

Recommendations For versions prior to 5.0.a, update to version 5.0.a or later to resolve the issue. As a temporary workaround, consider restricting access to the cmisbrowser servlet to minimize the risk of exploitation. Avoid using the url parameter in the affected servlet until the issue is resolved.