CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

March 27, 2025 / Ravie Lakshmanan / Vulnerability / Threat Intelligence

Citing evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws affecting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog.

The vulnerabilities are listed below.

    CVE-2019-9874 (CVSS score: 9.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.
    CVE-2019-9875 (CVSS score: 8.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.

While Sitecore noted in an update shared on March 30, 2020, that it had "become aware of active exploitation" of CVE-2019-9874, there is currently no information on how the flaws are being weaponized in the wild or by whom. The company made no mention of exploitation of CVE-2019-9875.

In light of active exploitation, federal agencies are required to apply the necessary patches to secure their systems by April 16, 2025.

The development comes as Akamai reported that it has observed the first exploitation attempts targeting a recently disclosed security flaw in the Next.js web framework (CVSS score: 9.1).

The bug is an authorization bypass vulnerability: by spoofing the header "x-middleware-subrequest", which the framework uses to manage internal request flows, an attacker can circumvent middleware-based security checks. According to Raphael Silva of Checkmarx, successful exploitation could lead to unauthorized access to sensitive application resources.

The web infrastructure company said one of the most notable techniques observed uses the x-middleware-subrequest header with the value src/middleware:src/middleware:src/middleware:src/middleware:src/middleware:src/middleware:src/middleware.

This technique simulates multiple internal subrequests within a single request, triggering Next.js's internal redirection logic, a behavior that closely resembles several publicly available proof-of-concept exploits.
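The following JavaScript is an added example, not code from the article, Akamai, Checkmarx or the Next.js project. It models the middleware skip that the forged header triggers (the framework counts how often the middleware's own name appears in the colon-separated header value and, at the limit, treats the request as a recursive internal subrequest and skips the middleware) and shows the mitigation of stripping the header from inbound requests at the edge. The header name and the repeated src/middleware value come from the text above; the recursion-depth limit of 5, the middleware file name and the session-cookie rule are assumptions of this model, and any repetition count at or above the limit (such as the seven on the page) has the same effect.

```javascript
// Added example, not Next.js source: a model of the middleware skip that a
// forged x-middleware-subrequest header triggers, plus the edge-side mitigation.
const SUBREQUEST_HEADER = "x-middleware-subrequest";
const MIDDLEWARE_NAME = "src/middleware";   // assumed: middleware lives at src/middleware.ts
const MAX_RECURSION_DEPTH = 5;              // assumed limit for this simulation

// The application's middleware: anything under /admin needs a valid session cookie.
function authMiddleware(req) {
  if (req.path.startsWith("/admin") && req.headers.cookie !== "session=valid") {
    return { status: 302, location: "/login" };
  }
  return null; // fall through to the route handler
}

// Framework-side dispatch. The subrequest header is meant to be set only by the
// framework itself, but nothing stops an external client from sending it, so an
// attacker can push "depth" to the limit and have the middleware skipped.
function dispatch(req, { stripHeaderAtEdge = false } = {}) {
  const headers = { ...req.headers };
  if (stripHeaderAtEdge) delete headers[SUBREQUEST_HEADER]; // mitigation: never trust it from outside
  const chain = (headers[SUBREQUEST_HEADER] || "").split(":");
  const depth = chain.filter((name) => name === MIDDLEWARE_NAME).length;
  if (depth < MAX_RECURSION_DEPTH) {
    const verdict = authMiddleware({ ...req, headers });
    if (verdict) return verdict;
  }
  return { status: 200, body: `route handler ran for ${req.path}` };
}

// What a proxy/WAF rule keys on: the header should never arrive on an inbound request.
function isForgedSubrequest(headers) {
  return Object.keys(headers).some((h) => h.toLowerCase() === SUBREQUEST_HEADER);
}

// Constructed requests for the demo.
const anonymous = { path: "/admin/users", headers: {} };
const forged = {
  path: "/admin/users",
  headers: { [SUBREQUEST_HEADER]: Array(MAX_RECURSION_DEPTH).fill(MIDDLEWARE_NAME).join(":") },
};

console.log(dispatch(anonymous));                           // 302 to /login
console.log(dispatch(forged));                              // 200: middleware skipped
console.log(dispatch(forged, { stripHeaderAtEdge: true })); // 302 again
console.log(isForgedSubrequest(forged.headers));            // true
```

Run it with `node`. The `stripHeaderAtEdge` branch is the interim control for deployments that cannot patch immediately: drop the header from all external requests at the reverse proxy or WAF, and alert on its presence, since a legitimate client has no reason to send it.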

The disclosures also follow a report from GreyNoise about active exploitation attempts against a number of known vulnerabilities in DrayTek devices.

The threat intelligence firm said it has observed in-the-wild activity against the following CVEs.

    CVE-2020-8515 (CVSS score: 9.8) - An operating system command injection vulnerability in multiple DrayTek router models that could allow remote code execution as root via shell metacharacters sent to the cgi-bin/mainfunction.cgi URI.
    CVE-2021-20123 (CVSS score: 7.5) - A local file inclusion vulnerability in DrayTek VigorConnect that could allow an unauthenticated attacker to download arbitrary files from the underlying operating system via the DownloadFileServlet endpoint.
    CVE-2021-20124 (CVSS score: 7.5) - A local file inclusion vulnerability in DrayTek VigorConnect that could allow an unauthenticated attacker to download arbitrary files from the underlying operating system with root privileges via the WebServlet endpoint.

Indonesia, Hong Kong, and the United States have been identified as the top targets of exploitation attempts for CVE-2020-8515, while Lithuania, the United States, and Singapore have been targeted in attacks leveraging CVE-2021-20123 and CVE-2021-20124.
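As an added example serving both the Sitecore entries and the DrayTek entries above (it is not code from the article, CISA, GreyNoise, Sitecore or DrayTek), the following Node.js request inspector flags the three request shapes those entries describe: a __CSRFTOKEN POST parameter that base64-decodes to a .NET BinaryFormatter stream, shell metacharacters in parameters aimed at cgi-bin/mainfunction.cgi, and directory-traversal or absolute-path values in parameters sent to the VigorConnect DownloadFileServlet and WebServlet endpoints. It assumes the Sitecore token carries a base64-encoded BinaryFormatter stream and that the VigorConnect requests use traversal sequences; the sample requests, and every parameter name in them other than __CSRFTOKEN, are constructed for the demo.

```javascript
// Added example, not vendor code: a heuristic inspector for the three request
// shapes described in the article. Input is a parsed HTTP request
// { method, target (path + query from the request line), body }.

// A .NET BinaryFormatter stream opens with a SerializationHeaderRecord:
// record type 0x00, rootId 1, headerId -1; in base64 that prefix is "AAEAAAD/////".
const BINARYFORMATTER_HEADER = Buffer.from([0x00, 0x01, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff]);

// Metacharacters a command-injection payload needs. Values are checked after
// form decoding, so an encoded newline (%0a) is matched as "\n".
const SHELL_META = /[;&|`$(){}\n]/;
// Traversal ("../", "..\") at any position, or an absolute path, in a file parameter.
const TRAVERSAL = /(^|[\\/])\.\.([\\/]|$)|^\//;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Assumption: the __CSRFTOKEN value is the base64 form of the serialized object.
function looksLikeBinaryFormatter(b64) {
  const raw = Buffer.from(b64, "base64"); // never throws; invalid characters are skipped
  return raw.length >= BINARYFORMATTER_HEADER.length &&
    raw.subarray(0, BINARYFORMATTER_HEADER.length).equals(BINARYFORMATTER_HEADER);
}

function inspectRequest(req) {
  const findings = [];
  const url = new URL(req.target, "http://placeholder.invalid");
  const path = safeDecode(url.pathname);
  const bodyParams = new URLSearchParams(req.method === "POST" ? (req.body || "") : "");
  // Decoded parameter values from query string and form body, so a literal "&"
  // separating fields is not mistaken for an injected one.
  const values = [...url.searchParams.values(), ...bodyParams.values()];

  // Sitecore CVE-2019-9874 / CVE-2019-9875: serialized .NET object in __CSRFTOKEN.
  const token = bodyParams.get("__CSRFTOKEN");
  if (token && looksLikeBinaryFormatter(token)) findings.push("sitecore-csrftoken-deserialization");

  // DrayTek CVE-2020-8515: shell metacharacters aimed at cgi-bin/mainfunction.cgi.
  if (path.endsWith("/cgi-bin/mainfunction.cgi") && values.some((v) => SHELL_META.test(v))) {
    findings.push("draytek-mainfunction-command-injection");
  }

  // DrayTek VigorConnect CVE-2021-20123 / CVE-2021-20124: file read via the servlets.
  if (/\/(DownloadFileServlet|WebServlet)(\/|$)/.test(path) && values.some((v) => TRAVERSAL.test(v))) {
    findings.push("draytek-vigorconnect-lfi");
  }
  return findings;
}

// Constructed sample traffic; parameter names other than __CSRFTOKEN are hypothetical.
const fakeToken = Buffer.concat([BINARYFORMATTER_HEADER, Buffer.from("filler, not a gadget chain")]).toString("base64");
const SAMPLE_REQUESTS = [
  { method: "POST", target: "/sitecore/login", body: "__CSRFTOKEN=" + encodeURIComponent(fakeToken) + "&Login=admin" },
  { method: "POST", target: "/sitecore/login", body: "__CSRFTOKEN=abc123&Login=admin" },
  { method: "POST", target: "/cgi-bin/mainfunction.cgi", body: "action=login&user=admin%3Bid" },
  { method: "GET",  target: "/cgi-bin/mainfunction.cgi?action=login" },
  { method: "GET",  target: "/DownloadFileServlet?file=..%2F..%2F..%2Fetc%2Fpasswd" },
  { method: "GET",  target: "/WebServlet?file=report.pdf" },
];

for (const r of SAMPLE_REQUESTS) {
  console.log(r.method, r.target, "->", inspectRequest(r).join(", ") || "clean");
}
```

Run it with `node`. The Sitecore check needs request bodies, so it belongs in a WAF, reverse proxy or IIS request tracing rather than plain access logs; the two DrayTek checks work on access-log lines as well, since the injected values are in the query string or body of a single request. All three are heuristics for triage, not a substitute for applying the vendor patches CISA's deadline refers to.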
