An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HKentico Xperience
APPKentico9.0.0 – 9.0.5110.0.0 – 10.0.52 (bez)11.0.0 – 11.0.48 (bez)12.0.0 – 12.0.15 (bez)
CISA KEV — detailsi
- Vendori
- Kentico
- Producti
- Xperience
- Added to KEVi
- March 25, 2022
- Remediation deadline (US Federal)i
- April 15, 2022(overdue)
Apply updates per vendor instructions.
Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.
Related vulnerabilities
Kentico Xperience – pominięcie uwierzytelnienia w Staging Sync Server
Kentico Xperience — Authentication Bypass w komponencie Staging Sync Server
Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medial...
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator acces...
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to ...