PT-2019-11415 · Kentico · Kentico Xperience

Published: 2019-03-26 · Updated: 2025-11-06 · CVE-2019-10068

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Kentico Xperience versions 9.x and earlier
Kentico Xperience versions 10.0.x through 10.0.51
Kentico Xperience versions 11.0.x through 11.0.47
Kentico Xperience versions 12.0.x through 12.0.14
Description: The issue is related to the deserialization of untrusted data, which can lead to unauthenticated remote code execution on the server. This occurs due to a failure to validate security headers, allowing a specially crafted request to bypass initial authentication and proceed to deserialize user-controlled .NET object input.
Recommendations:
For Kentico Xperience versions 9.x and earlier, update to a version later than 9.x.
For Kentico Xperience versions 10.0.x through 10.0.51, update to version 10.0.52 or later.
For Kentico Xperience versions 11.0.x through 11.0.47, update to version 11.0.48 or later.
For Kentico Xperience versions 12.0.x through 12.0.14, update to version 12.0.15 or later.

Tags: Exploit · Fix · RCE · Deserialization of Untrusted Data


Weakness Enumeration:

Related Identifiers: CVE-2019-10068

Affected Products: Kentico Xperience