NVD disclosure day

Published threat advisories for May 31, 2019

CVE advisoryKnown Exploit

CVE-2019-9875

Sitecore CMS: Authenticated Attacker Can Execute Code

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A deserialization vulnerability in Sitecore's anti-CSRF module allows an authenticated attacker to execute arbitrary code. This could lead to unauthorized system access and disruption of business operations, posing a significant business risk. Organizations should identify affected systems and apply vendor-provided fix

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2019-9874

Sitecore CMS and XP Code Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A deserialization flaw in Sitecore's security module allows unauthenticated attackers to execute arbitrary code by sending a serialized .NET object. This impacts Sitecore CMS and XP systems, posing a business risk of unauthorized code execution and potential system compromise. Organizations should apply vendor fixes to

NVD published: • CISA KEV