PT-2019-13544 · Alfresco · Alfresco Community Edition

Published: 2019-09-05 · Updated: 2020-08-24 · CVE-2019-14224

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Alfresco Community Edition version 5.2 201707

Description: An issue was discovered that allows an attacker to achieve remote code execution on the victim machine by leveraging multiple components of the Alfresco software. The attacker must upload malicious Solr configuration files, then receive a JMX connection from the victim and serve a Java object that results in deserialization and code execution.

Recommendations: For Alfresco Community Edition version 5.2 201707, consider restricting access to the Solr configuration files and limiting JMX connections to trusted sources until a patch is available. As a temporary workaround, consider disabling the ability to upload Solr configuration files to minimize the risk of exploitation.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2019-14224

Affected Products

Alfresco Community Edition