topic Re: Security vulnerabilities in Alfresco Content Services 7.0 in Alfresco Forum

Security vulnerabilities in Alfresco Content Services 7.0

tmljack — Thu, 01 Jul 2021 22:45:26 GMT

I'm attempting to privately communicate a number of security vulnerabilities I have found in the current version of Alfresco Content Services, I haven't checked the community edition but the vulnerabilities are likely to be present there too.

Is there a secure way to submit these? I've already attempted to contact security@alfresco.com but have received no reply.

Re: Security vulnerabilities in Alfresco Content Services 7.0

abhinavmishra14 — Fri, 02 Jul 2021 01:29:14 GMT

May be @EddieMay will be able to redirect to correct channel to pass on the concerns.

Re: Security vulnerabilities in Alfresco Content Services 7.0

EddieMay — Fri, 02 Jul 2021 08:29:12 GMT

Hi @tmljack

I've reached out to you directly - we should be able to connect you with appropriate people internally.

Thanks,

Re: Security vulnerabilities in Alfresco Content Services 7.0

tmljack — Fri, 02 Jul 2021 09:20:04 GMT

Thank you for the prompt response, I did not receive any direct communication on my end at this stage that I can see.

Feel free to send me an email however and am looking forward to being able to share the information in a secure manner.

Re: Security vulnerabilities in Alfresco Content Services 7.0

EddieMay — Mon, 05 Jul 2021 12:58:20 GMT

Hi @tmljack

I did email you last week but I think it got bounced back. Have emailed again just now.

Thanks again,

Re: Security vulnerabilities in Alfresco Content Services 7.0

swatcat91 — Tue, 14 Mar 2023 23:06:29 GMT

Hi Eddie,

I have been trying to get in touch with your team to report a new issue in Alfresco 7.x. I have mailed to appsecurity@hyland.com multiple times but I am unable to get a reply.

https://hub.alfresco.com/t5/alfresco-content-services-forum/vulnerability-in-alfresco-enteprise/m-p/315159

Can you direct me to the correct contact to report a security vulnerability ?