Vulnerability Details CVE-2019-12440
The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2019-12440
- cpe:2.3:a:sitecore:rocks:1.1.0
- cpe:2.3:a:sitecore:rocks:1.2.0
- cpe:2.3:a:sitecore:rocks:1.2.5
- cpe:2.3:a:sitecore:rocks:1.2.6
- cpe:2.3:a:sitecore:rocks:1.3.0
- cpe:2.3:a:sitecore:rocks:1.3.1
- cpe:2.3:a:sitecore:rocks:1.3.5
- cpe:2.3:a:sitecore:rocks:1.4.0
- cpe:2.3:a:sitecore:rocks:1.5.0
- cpe:2.3:a:sitecore:rocks:1.5.1.7
- cpe:2.3:a:sitecore:rocks:2.0.0-32
- cpe:2.3:a:sitecore:rocks:2.0.32
- cpe:2.3:a:sitecore:rocks:2.0.39
- cpe:2.3:a:sitecore:rocks:2.0.54
- cpe:2.3:a:sitecore:rocks:2.0.59
- cpe:2.3:a:sitecore:rocks:2.1.126
- cpe:2.3:a:sitecore:rocks:2.1.130
- cpe:2.3:a:sitecore:rocks:2.1.69
- cpe:2.3:a:sitecore:rocks:2.1.86