Intrusion Prevention

dotCMS.CMSFilter.assets.Access.Control.Weakness

Description

This indicates an attempt to exploit an access control weakness vulnerability in dotCMS.
The vulnerability is due to insufficient path validation in the CMSFilter class and applies when the dotCMS installation stores its assets under Tomcat's webapps/ROOT/assets directory. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted server. Successful exploitation could allow the attacker to access restricted resources or execute arbitrary code in the security context of the target service.

Affected Products

dotCMS prior to 5.2.4
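
The two conditions stated above (a version prior to 5.2.4, and assets stored under Tomcat's webapps/ROOT/assets) can be checked per host when triaging an alert from this signature. The following Python is an added example, not code from the vendor or from this advisory; the function names and result labels are hypothetical, and it assumes the operator supplies the installed version string, the Tomcat home directory and the configured assets path.

```python
import os
import re

FIXED_VERSION = (5, 2, 4)  # from the advisory: "dotCMS prior to 5.2.4"


def parse_version(text):
    """Return the leading dotted-numeric part of a version string as a tuple."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assets_under_webroot(tomcat_home, assets_dir):
    """True if assets_dir resolves to webapps/ROOT/assets or a path inside it.

    Both paths are resolved with realpath so that a symlinked
    webapps/ROOT/assets pointing at an external directory is still detected.
    """
    webroot_assets = os.path.realpath(
        os.path.join(tomcat_home, "webapps", "ROOT", "assets"))
    resolved = os.path.realpath(assets_dir)
    return os.path.commonpath([webroot_assets, resolved]) == webroot_assets


def triage(version, tomcat_home, assets_dir):
    """Classify a host against the advisory's two conditions (labels are hypothetical)."""
    affected = parse_version(version) < FIXED_VERSION
    exposed_layout = assets_under_webroot(tomcat_home, assets_dir)
    if affected and exposed_layout:
        return "vulnerable-configuration"  # patch first; treat the alert as high priority
    if affected:
        return "affected-version"          # layout differs, but the upgrade still applies
    return "not-affected"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real host.
    print(triage("5.2.3", "/opt/dotcms/dotserver/tomcat",
                 "/opt/dotcms/dotserver/tomcat/webapps/ROOT/assets"))
```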

Impact

Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://dotcms.com/security/SI-54

CVE References

CVE-2020-6754