PT-2017-12015 · Sitecore · Sitecore

Published: 2017-07-19 · Updated: 2017-07-21 · CVE-2017-11440

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Sitecore version 8.2

Description: The issue allows for absolute path traversal. This can be achieved through the fi parameter in the /shell/Applications/Layouts/IDE.aspx endpoint and the Reference parameter in the /admin/LinqScratchPad.aspx endpoint.

Recommendations: For Sitecore version 8.2, as a temporary workaround, consider restricting access to the /shell/Applications/Layouts/IDE.aspx and /admin/LinqScratchPad.aspx endpoints until a patch is available. Avoid using the fi and Reference parameters in these endpoints to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2017-11440

Affected products

Sitecore