CVE-2021-42237

Published: 05 Nov 2021
Source: nvd
CVSS3: 9.8
CVSS2: 10
EPSS: Critical

Description

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:sitecore:experience_platform:7.5:-:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:7.5:update1:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:7.5:update2:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.0:-:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.0:sp1:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.0:update1:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.0:update2:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.0:update3:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.0:update4:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.0:update5:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.0:update6:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.0:update7:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.1:-:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.1:update1:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.1:update2:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.1:update3:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.2:-:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.2:update1:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.2:update2:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.2:update3:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.2:update4:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.2:update5:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.2:update6:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:8.2:update7:*:*:*:*:*:*

EPSS

Score: 0.94374
Percentile: 100%
Rating: Critical

CVSS3: 9.8 Critical
CVSS2: 10 Critical

Weaknesses

CWE-502

Related vulnerabilities

CVSS3: 9.8
github
more than 3 years ago

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

CVSS3: 9.8
fstec
more than 4 years ago

A configuration vulnerability in the Sitecore XP content management system that allows an attacker to execute arbitrary code
