CVE-2019-12440

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
sitecorerocks
𝑥
< 2.1.149
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Sitecore/Sitecore.Rocks/compare/be79dcc...bd9ba6a
https://github.com/Sitecore/Sitecore.Rocks/releases/tag/2.1.149
https://kb.sitecore.net/articles/842902
https://github.com/Sitecore/Sitecore.Rocks/compare/be79dcc...bd9ba6a
https://github.com/Sitecore/Sitecore.Rocks/releases/tag/2.1.149
https://kb.sitecore.net/articles/842902