Remote Code Execution via Deserialization in Sitecore Experience Platform (XP) prior to 9.1.1
CVE-2019-11080 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
Learn more about our User Device Pen Test.