Lucene search

MitreCVE-2009-1055

HistoryMar 24, 2009 - 2:30 p.m.

CVE-2009-1055

2009-03-2414:30:00

mitre

web.nvd.nist.gov

cve-2009-1055

sitecore cms

vulnerability

web service

soap

xml requests

security databases

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.002

Percentile

53.2%

JSON

Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.

Affected configurations

Nvd

Node

sitecorecmsMatch5.3.0

sitecorecmsMatch5.3.1

VendorProductVersionCPE
sitecorecms5.3.0cpe:2.3:a:sitecore:cms:5.3.0:*:*:*:*:*:*:*
sitecorecms5.3.1cpe:2.3:a:sitecore:cms:5.3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sitecore	cms	5.3.0	cpe:2.3:a:sitecore:cms:5.3.0:::::::*
sitecore	cms	5.3.1	cpe:2.3:a:sitecore:cms:5.3.1:::::::*

References

sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205%2C-d-%2C3/ReleaseNotes/V5%2C-d-%2C3%2C-d-%2C2/ChangeLog.aspx

secunia.com/advisories/34356

www.securityfocus.com/archive/1/501929/100/0/threaded

www.securityfocus.com/bid/34162

www.vupen.com/english/advisories/2009/0753

exchange.xforce.ibmcloud.com/vulnerabilities/49298

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.002

Percentile

53.2%

JSON

Related for CVE-2009-1055