CVE-2009-1055

high

Description

Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/49298

http://www.vupen.com/english/advisories/2009/0753

http://www.securityfocus.com/bid/34162

http://www.securityfocus.com/archive/1/501929/100/0/threaded

http://secunia.com/advisories/34356

http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205%2C-d-%2C3/ReleaseNotes/V5%2C-d-%2C3%2C-d-%2C2/ChangeLog.aspx

Details

Source: Mitre, NVD

Published: 2009-03-24

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00335