6 matches found
Sitecore Experience Platform - Deserialization of Untrusted Data
Sitecore Experience Platform before 8.2 Update-7 and 9.0 before Update-2 is vulnerable to a remote code execution vulnerability CVE-2019-9874. An attacker can exploit this issue to execute arbitrary code on the affected system via a crafted request to the...
CVE-2019-9874
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF aka anti CSRF module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...
CVE-2019-9874
creationtimestamp| type| source ---|---|--- 2025-03-26 18:45:16+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3llcgyjkq4x2s 2025-03-26 19:05:11+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3llci45jqpj2n 2025-03-26 21:39:21+00:00| seen|...
CVE-2019-9874
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF aka anti CSRF module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...
CVE-2019-9874
CVE-2019-9874 affects Sitecore CMS 7.0–7.2 and Sitecore XP 7.5–8.2 via the Sitecore.Security.AntiCSRF deserialization module. An unauthenticated attacker can trigger remote code execution by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN**, exploiting untrusted data deser...
CVE-2019-9874
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF aka anti CSRF module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN. Recent assessments:...