CVE-2019-12440

CVE-2019-12440

EPSS 2.1%

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Sitecore/Sitecore.Rocks/compare/be79dcc...bd9ba6a https://github.com/Sitecore/Sitecore.Rocks/releases/tag/2.1.149 https://kb.sitecore.net/articles/842902