Описание
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 9.0 (включая) до 10.4 (включая)Версия от 9.0 (включая) до 10.4 (включая)Версия от 9.0 (включая) до 10.4 (исключая)
Одно из
cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:sitecore:experience_platform:10.4:-:*:*:*:*:*:*
cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01572
Низкий
8.8 High
CVSS3
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 8.8
github
5 месяцев назад
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4.
EPSS
Процентиль: 81%
0.01572
Низкий
8.8 High
CVSS3
Дефекты
CWE-502