topic Re: Any info about CVE-2020-11022, CVE-2021-23450 & CVE-2021-41182 with ACS 23.1 in Alfresco Forum

Any info about CVE-2020-11022, CVE-2021-23450 & CVE-2021-41182 with ACS 23.1

klabecks — Fri, 03 Oct 2025 11:12:39 GMT

I want to know if any of the following vulnerabilities can be exploited with Alfresco?

https://www.cve.org/CVERecord?id=CVE-2020-11022
https://www.cve.org/CVERecord?id=CVE-2021-23450
https://www.cve.org/CVERecord?id=CVE-2021-41182

These were found in Alfresco Community 23.1 version.

Re: Any info about CVE-2020-11022, CVE-2021-23450 & CVE-2021-41182 with ACS 23.1

HeinRagas — Tue, 07 Oct 2025 12:33:55 GMT

We keep an eye on the CVEs and scan Alfresco with the usual tools. Not every security issue in a library we use can be exploited. You can find our security policy at https://docs.alfresco.com/support/latest/policies/security/ .

As a rule, we do not communicate about individual CVEs. The latest service pack is always up-to-date with our security fixes, my recommendation is to deploy 23.5 or wait just a week to go to 23.6.

Re: Any info about CVE-2020-11022, CVE-2021-23450 & CVE-2021-41182 with ACS 23.1

klabecks — Fri, 10 Oct 2025 11:49:57 GMT

Thank you for the information! So I guess we can assume that if a library version used in Alfresco has an old vulnerability finding (like in this case), the vulnerability is not exploitable in Alfresco. Otherwise it would have been updated.