Published: 06/06/2019 Updated: 13/06/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Sitecore Experience Platform (XP) before 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sitecore experience platform

Sitecore versions 8x suffer from a deserialization vulnerability that allows for remote code execution ...

# Exploit Title: Sitecore v 8x Deserialization RCE # Date: Reported to vendor October 2018, fix released April 2019 # Exploit Author: Jarad Kopf # Vendor Homepage: wwwsitecorecom/ # Software Link: Sitecore downloads: devsitecorenet/Downloadsaspx # Version: Sitecore 80 Revision 150802 # Tested on: Windows # CVE : CVE-2019-110 ...

CWE-502 https://github.com/minecrater/exploits/blob/master/Sitecore8xDeserialRCE https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/91/Sitecore%20Experience%20Platform%2091%20Update1/Release%20Notes http://packetstormsecurity.com/files/153274/Sitecore-8.x-Deserialization-Remote-Code-Execution.html https://nvd.nist.gov https://packetstormsecurity.com/files/153274/Sitecore-8.x-Deserialization-Remote-Code-Execution.html https://www.exploit-db.com/exploits/46987

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-11080

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect