CVE-2019-12440

Опубликовано: 29 мая 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.

Ссылки

https://github.com/Sitecore/Sitecore.Rocks/compare/be79dcc...bd9ba6a
Patch
Third Party Advisory
https://github.com/Sitecore/Sitecore.Rocks/releases/tag/2.1.149
Release Notes
Third Party Advisory
https://kb.sitecore.net/articles/842902
Patch
Vendor Advisory
https://github.com/Sitecore/Sitecore.Rocks/compare/be79dcc...bd9ba6a
Patch
Third Party Advisory
https://github.com/Sitecore/Sitecore.Rocks/releases/tag/2.1.149
Release Notes
Third Party Advisory
https://kb.sitecore.net/articles/842902
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sitecore:rocks:*:*:*:*:*:sitecore:*:*

Версия до 2.1.149 (исключая)

EPSS

Процентиль: 71%

0.00674

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-vp9w-cxrw-6j78