CVE-2019-12440

Published: May 29, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.

Affected (1)

Products: Sitecore: Rocks

Sitecore

1 product

Rocks

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sitecore Rocks	Before 2.1.149

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

https://github.com/Sitecore/Sitecore.Rocks/compare/be79dcc...bd9ba6a

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/Sitecore/Sitecore.Rocks/releases/tag/2.1.149

Source: cve@mitre.org

Release NotesThird Party Advisory

https://kb.sitecore.net/articles/842902

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/Sitecore/Sitecore.Rocks/compare/be79dcc...bd9ba6a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/Sitecore/Sitecore.Rocks/releases/tag/2.1.149

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://kb.sitecore.net/articles/842902

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.