CNNVD-202506-2087 Information
CNNVD ID
CNNVD-202506-2087
Related CVE
- CNNVD Published: 2025-06-17
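Description (translated from Chinese)
Sitecore Experience Platform (XP) and Sitecore Experience Manager (XM) are both products of the Danish company Sitecore. Sitecore Experience Platform is a customer digital experience platform. Sitecore Experience Manager is management software. Sitecore Experience Platform and Sitecore Experience Manager contain a security vulnerability that stems from hard-coded user accounts and may allow an unauthenticated remote attacker to access the administrative API.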
Description (English)
Sitecore Experience Platform (XP) and Sitecore Experience Manager (XM) are products of the Danish company Sitecore. Sitecore Experience Platform is a customer digital experience platform. Sitecore Experience Manager is management software. Sitecore Experience Platform and Sitecore Experience Manager contain a security vulnerability that stems from hard-coded user accounts and may allow an unauthenticated remote attacker to access the administrative API.
Hazard Level
Medium
Vulnerability Type
Trust management issue
Affected Vendor
Sitecore
Published
2025-06-17
Last Modified
2026-02-24
References
https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform/
https://nvd.nist.gov/vuln/detail/CVE-2025-34509
https://access.redhat.com/security/cve/cve-2025-34509
Patch
https://www.sitecore.com/products/experience-manager