Lucene search
K

Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

🗓️ 17 Jun 2025 10:33:00Reported by The Hacker NewsType 
thn
 thn
🔗 thehackernews.com👁 26 Views

Sitecore XP has hard-coded password flaws risking remote code execution in enterprise setups.

Related
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2019-9875
31 May 201900:00
attackerkb
ATTACKERKB
CVE-2019-9874
31 May 201900:00
attackerkb
BDU FSTEC
The vulnerability of the Sitecore.Security.AntiCSRF module of the Sitecore content management system and Sitecore XP allows attackers to execute arbitrary code.
20 Nov 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Sitecore Experience Platform (XP) and Sitecore Experience Manager (XM) content management systems, related to improper code generation, allows attackers to execute arbitrary code.
6 Jan 202600:00
bdu_fstec
BDU FSTEC
The vulnerability of the Sitecore Experience Manager (XM) and Experience Platform (XP) content management systems, related to the use of strictly encrypted user credentials, allows attackers to gain access to user accounts with administrative privileges.
12 Jan 202600:00
bdu_fstec
BDU FSTEC
The vulnerability of the Sitecore Experience Manager (XM), Experience Platform (XP), and the Experience Commerce (XC) platform for personalized purchasing processes lies in errors in processing the relative path to the catalog. This allows attackers to gain access to arbitrary files and execute arbitrary code.
12 Jan 202600:00
bdu_fstec
BDU FSTEC
The vulnerability of the Sitecore PowerShell Extensions module, related to unlimited loading of dangerous files, allows attackers to execute remote code.
26 Jan 202600:00
bdu_fstec
Circl
CVE-2019-9874
26 Mar 202518:45
circl
Circl
CVE-2019-9875
26 Mar 202518:45
circl
Circl
CVE-2025-27218
20 Feb 202506:41
circl
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

19 Jun 2025 03:14Current
8High risk
Vulners AI Score8
CVSS 3.19.8
CVSS 27.5
EPSS0.83857
SSVC
26