| Issue: | |
|---|---|
| Date: | |
| Severity: | Critical |
| Requires Admin Access: | No |
| Fix Version: | 3.3.2, 3.5.1 |
| Credit: | dotCMS Internal Security Team |
| Description: | Under certain conditions, it may be possible to invoke the deleteContentletsFromIdList method of the CMSMaintenance class without proper permissions. |
| Mitigation: | Restrict access to the REST API via firewall or proxy. |