Vulnerability in Sitecore Content Management System (Cms)

CVE-2015-10142

Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker…

EPSS: 0.004 (58.8th percentile) — read the EPSS interpretation.

Affected products

Sitecore Content Management System (Cms) — versions 0
Sitecore Experience Platform (Xp) — versions 0

Weakness classification (CWE)

CWE-610 — Externally Controlled Reference to a Resource in Another Sphere

References

support.sitecore.com/kb (vendor-advisory, patch)
support.sitecore.com/kb (vendor-advisory, patch)
www.vulncheck.com/advisories/sitecore-xp-cms-file-read-via-known-path (third-party-advisory)