Sitecore Experience Platform Pre-Auth RCE by Shubham Shah | PT SWARM

Sitecore Experience Platform Pre-Auth RCE

by Shubham Shah

In this blog post, research team detail a pre-authentication RCE vulnerability that affects Sitecore XP versions from 7.5 Initial Release to Sitecore XP 8.2 Update-7.
Sitecore’s Experience Platform (XP) is an enterprise content management system (CMS). This CMS is used heavily by enterprises, including many of the companies within the fortune 500.
The vulnerability is applicable to all Sitecore systems running affected versions, including single-instance and multi-instance environments, Managed Cloud environments, and all Sitecore server roles (Content Delivery, Content Editing, Reporting, Processing, etc.), which are exposed to the Internet.

Contents:
• Intro
• What is Sitecore Experience Platform?
• Mapping out the attack surface
• Discovering the RCE
• Remediation Advice
• Conclusion

https://blog.assetnote.io/2021/11/02/sitecore-rce/

PT SWARM

🦹 2.98K
Technologies

Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...

Join
▲ Vote (1)

Sitecore Experience Platform Pre-Auth RCE by Shubham Shah | PT SWARM

Login