CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-9875

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.119

EPSS Ranking 93.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

Proposed Action

Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.

Ransomware Campaign

Unknown

References

Products affected by CVE-2019-9875

Sitecore » Cms » Version: 7.0

cpe:2.3:a:sitecore:cms:7.0
Sitecore » Cms » Version: 7.2

cpe:2.3:a:sitecore:cms:7.2
Sitecore » Cms » Version: 8.0

cpe:2.3:a:sitecore:cms:8.0
Sitecore » Cms » Version: 8.1

cpe:2.3:a:sitecore:cms:8.1
Sitecore » Cms » Version: 8.2

cpe:2.3:a:sitecore:cms:8.2
Sitecore » Cms » Version: 9.0

cpe:2.3:a:sitecore:cms:9.0
Sitecore » Cms » Version: 9.0.1

cpe:2.3:a:sitecore:cms:9.0.1
Sitecore » Cms » Version: 9.1

cpe:2.3:a:sitecore:cms:9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-9875

Products

Pricing

Contact Us