CNNVD-202512-3400 Information

CNNVD ID

CNNVD-202512-3400

Related CVE

CVE-2020-36890

• CNNVD Published: 2025-12-18

Description (Chinese)

Kentico Xperience是Kentico公司的一个数字体验平台。 Kentico Xperience存在安全漏洞，该漏洞源于未经授权的请求可能修改全局管理员权限，导致账户接管。

Description (English)

Kentico Xperience is a digital experience platform for Kentico. There was a security loophole in Kentico Xperience, which stemmed from unauthorized requests that might modify global administrator authority and lead to the account being taken over.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Kentico

Published

2025-12-18

Last Modified

2026-02-24

References

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-administrator-access-control-bypass

Patch

https://devnet.kentico.com/download/hotfixes