Sitecore Fixes Pre-Auth RCE Exploits in Enterprise CMS

Sitecore fixes pre-auth RCE exploits in enterprise CMS

: Hardcoded passwords and path traversals keeping bug hunters in work

Sitecore CMS exploit chain starts with hardcoded 'b' password

A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers.

Sitecore CMS flaw let attackers brute-force 'b' for backdoor

Hardcoded passwords and path traversals keeping bug hunters in work Security researchers have issued a warning about a pre-authentication exploit chain affecting a CMS used by some of the biggest companies in the world. . . .

Critical Vulnerabilities in Sitecore Could Lead to Widespread Enterprise Attacks

A series of newly disclosed critical vulnerabilities in the Sitecore Experience Platform (XP) have raised alarm across the enterprise technology sector, with security researchers warning that unpatched systems could be exposed to devastating remote code execution (RCE) attacks. Sitecore, a… Read more → The post Critical Vulnerabilities in Sitecore Could Lead to Widespread Enterprise Attacks appeared first on IT Security News.

Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution. Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content management, digital marketing, and analytics and reports. The list of vulnerabilities, which are yet to be