File Download Vulnerability in Sitecore Experience Platform and CMS
CVE-2015-10142

6.9 MEDIUM

What is CVE-2015-10142?

The Sitecore Experience Platform (XP) versions prior to 8.0 Initial Release and Sitecore CMS versions prior to 7.2 Update-3 and 7.5 Update-1 contain a vulnerability that permits an attacker with knowledge of certain file names to download files located within the web root. While the exposure does not permit access to .config, .aspx, or .cs files, the risk of unauthorized file access highlights the need for timely updates and patching to protect sensitive data.

Affected Version(s)

Content Management System (CMS) * < 7.2 Update-3 (rev. 141226)

Content Management System (CMS) * < 7.5 Update-1 (rev. 150130)

Experience Platform (XP) * < 8.0 Initial Release (rev. 141212)

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sitecore