| ID | 1090501606 |
| Created | Oct 31, 2022 |
| Updated | Oct 31, 2022 |
| Severity |
|
| Default Action | pass |
| Active |
|
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | ASP_app |
| Engine Version | 5.0.0 or later |
Legend
| Enabled/Available |
|
| Disabled/Not Available |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2022-10-31 | 0.00333 |
Refine Search
Threat Encyclopedia
Sitecore.XP.Insecure.Deserialization.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Code Injection Vulnerability in Sitecore XP.
The vulnerability is due to insufficient validation of user-supplied XML files. A remote attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in remote code execution.
Affected Products
Sitecore XP 7.5 Initial Release to 7.5 Update-2
Sitecore XP 8.0 Initial Release to 8.0 Update-7
Sitecore XP 8.1 Initial Release to 8.1 Update-3
Sitecore XP 8.2 Initial Release to 8.2 Update-7
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776