CNNVD-202509-246 Information
CNNVD ID
CNNVD-202509-246
Related CVE
- CNNVD Published: 2025-09-03
Description (Chinese)
Sitecore Experience Manager(XM)是丹麦Sitecore公司的一个管理软件。 Sitecore Experience Manager 9.0及之前版本和Sitecore Experience Platform 9.0及之前版本存在安全漏洞,该漏洞源于反序列化不受信任数据,可能导致代码注入。
Description (English)
Setcore Exchange Manager (XM) is a management software for the Danish company Sitecore. There is a security loophole in Sitecore Exchange Manager 9.0 and previous editions of Sitecore Exchange Platform 9.0 and previous versions, which stems from anti-sequencing untrusted data and may lead to code injection.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
Sitecore
Published
2025-09-03
Last Modified
2026-02-24
References
https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865
Patch
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865
Share on: