CVE-2009-1055

Published Mar 24, 2009

Last updated a year ago

Overview

Description: Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sitecore:cms:5.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20271A9D-C591-4206-AF17-9170BA32C70E"
          },
          {
            "criteria": "cpe:2.3:a:sitecore:cms:5.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FADD8B45-3408-454B-BB24-C9E51CDC05D7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References