PT-2019-12798 · Sitecore · Sitecore Rocks

Publicado

2019-05-29

Atualizado

2020-08-24

CVE-2019-12440

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sitecore Rocks plugin versions prior to 2.1.149

Description The issue allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.

Recommendations For versions prior to 2.1.149, update to version 2.1.149 or later to resolve the issue.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2019-12440

Sitecore Rocks