PT-2019-12168 · Sitecore · Sitecore Experience Platform
Jarad Kopf
·
Publicado
2019-06-06
·
Atualizado
2019-06-13
·
CVE-2019-11080
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Sitecore Experience Platform (XP) versions prior to 9.1.1
Description
The issue allows remote code execution via deserialization. An authenticated user with necessary permissions can remotely execute OS commands by sending a crafted serialized object.
Recommendations
For versions prior to 9.1.1, update to version 9.1.1 or later to resolve the issue.
Exploit
Correção
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sitecore Experience Platform