PT-2019-13542 · Alfresco · Alfresco Community Edition

Drunkenshells · Published 2019-09-05 · Updated 2021-07-21

CVE-2019-14222

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Alfresco Community Edition versions 6.0 and lower

Description: An issue allows an unauthenticated, remote attacker to authenticate to Alfresco's Solr Web Admin Interface. The cause is a default private key that is present in all default installations. An attacker could exploit this by extracting the private key and bundling it into a PKCS#12 file, potentially gaining information about the target system, such as OS type, system file locations, Java version, and Solr version. This access could also be leveraged to launch further attacks.

Recommendations: For Alfresco Community Edition versions 6.0 and lower, remove or replace the default private key to prevent unauthorized access to Alfresco's Solr Web Admin Interface. As a temporary workaround, restrict network access to the Solr Web Admin Interface until a more permanent solution can be implemented.


Related Identifiers

CVE-2019-14222

Affected Products

Alfresco Community Edition
Solr