Information Disclosure in Sitecore CMS Web Service
CVE-2009-1055

Currently unrated

Key Information:

Vendor: Sitecore
Status: Cms
Vendor: CVE Published:; 24 March 2009

What is CVE-2009-1055?

An unspecified vulnerability in the Sitecore CMS web service enables remote authenticated users to gain unauthorized access to security databases. This exposure allows attackers to obtain administrative and user credentials through manipulated SOAP and XML requests, potentially compromising sensitive system information and user accounts.

References

http://www.securityfocus.com/archive/1/501929/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2009/0753

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/49298

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2009
Vulnerability Reserved
Mar 24, 2009