CNNVD-202509-344 Information
CNNVD ID
CNNVD-202509-344
Related CVE
- CNNVD Published: 2025-09-03
Description (Chinese)
Sitecore Experience Manager(XM)是丹麦Sitecore公司的一个管理软件。 Sitecore Experience Manager 9.0至9.3版本和10.0至10.4版本和Sitecore Experience Platform 9.0至9.3版本和10.0至10.4版本存在安全漏洞,该漏洞源于反序列化不受信任数据,可能导致远程代码执行。
Description (English)
Setcore Exchange Manager (XM) is a management software for the Danish company Sitecore. There is a security gap between version 9.0 to 9.3 and versions 10.0 to 10.4 and between version 9.0 to 9.3 and version 10.0 to 10.4, which stems from anti-serialization untrusted data and may lead to remote code implementation.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Sitecore
Published
2025-09-03
Last Modified
2026-02-24
References
https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/ https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667
Patch
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667
Share on: