1. CVE-Search
  2. CVE-2009-1055
ID CVE-2009-1055
Summary Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.
References
Vulnerable Configurations
  • cpe:2.3:a:sitecore:cms:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:sitecore:cms:5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sitecore:cms:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:sitecore:cms:5.3.1:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 10-10-2018 - 19:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 34162
bugtraq 20090317 Sitecore .NET 5.3.x - web service information disclosure
confirm http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205,-d-,3/ReleaseNotes/V5,-d-,3,-d-,2/ChangeLog.aspx
secunia 34356
vupen ADV-2009-0753
xf sitecore-web-service-info-disclosure(49298)
Last major update 10-10-2018 - 19:32
Published 24-03-2009 - 14:30
Last modified 10-10-2018 - 19:32
Back to Top