CNNVD-202507-3287 Information
CNNVD ID
CNNVD-202507-3287
Related CVE
- CNNVD Published: 2025-07-25
Description (Chinese)
Sitecore Experience Platform(XP)等都是丹麦Sitecore公司的产品。Sitecore Experience Platform是一套客户数字体验平台。Sitecore Experience Manager(XM)是一个管理软件。Sitecore Experience Commerce(XC)是一个原生集成、支持云的软件平台,使品牌能够在购物前、购物中、购物中、购物前、购物过程中提供完全个性化的端到端购物体验。 Sitecore多款产品存在安全漏洞,该漏洞源于未经身份验证的攻击者可读取任意文件。以下产品受到影响:Sitecore Experience Manager、Experience Platform、Experience Commerce和Managed Cloud。
Description (English)
Setcore Exchange Platform (XP) and others are products of the Danish company Sitecore. Sitecore Exchange Platform is a client digital experience platform. Site Exchange Manager (XM) is a management software. Sitecore Exchange Company (XC) is a raw, integrated, cloud-support software platform that enables brands to provide fully personalized end-to-end shopping experiences before, during, during, before, during and during shopping. There is a security loophole in a number of Sitecore products, which stems from the fact that unidentified assailants have access to random documents. The following products were affected: Setecore Exchange Manager, Express Platform, Express Company and Managed Cloud.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Sitecore
Published
2025-07-25
Last Modified
2026-02-24
References
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003650 https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003661 https://www.vulncheck.com/advisories/sitecore-xm-xp-xc-managed-cloud-arbitrary-file-read https://access.redhat.com/security/cve/cve-2025-34139
Patch
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003650
Share on: