Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
CPE | Name | Operator | Version |
---|---|---|---|
experience_platform | lt | 9.1.1 |