CVE-2019-11080

Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
Configurations

Configuration 1

cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*

Information

Published : 2019-06-06 02:29

Updated : 2019-06-13 09:29


NVD link : CVE-2019-11080

Mitre link : CVE-2019-11080

Products Affected
No products.
CWE
CWE-502

Deserialization of Untrusted Data