03 November 2021 at 13:45 UTC
Updated: 03 November 2021 at 13:46 UTC
Vendor update is available now
A remote code execution vulnerability present in enterprise CMS product Sitecore XP would leave all unpatched instances open to abuse.
Sitecore is an enterprise content management system (CMS) which, according to researchers from Assetnote, has an estimated 4,500 customers, including Fortune 500 companies.
They discovered the vulnerability while probing Sitecore’s attack surface during a client engagement.
A blog post published yesterday (November 2) includes full technical details.
The vulnerability is pending a CVE number but is being tracked by the vendor as SC2021-003-499266.
It affects all Sitecore systems running affected versions, including single-instance and multi-instance environments, managed cloud environments, and all Sitecore server roles (content delivery, content editing, reporting, processing, and so on) that are exposed to the internet.
To remediate the issue, Assetnote advised users to “merely take away the file from ”, and pointed to Sitecore’s security advisory.
Sitecore has advised users to upgrade to version 9.0.0 or higher, which protects against the vulnerability.
The Daily Swig has reached out to Assetnote for more information and will update this article accordingly.