SecuritySpace - CVE-2019-10068

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2019-10068

Description: An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.

Test IDs: 1.3.6.1.4.1.25623.1.0.113366

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-10068
http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html
https://devnet.kentico.com/download/hotfixes#securityBugs-v12

CVE ID:	CVE-2019-10068
Description:	An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.
Test IDs:	1.3.6.1.4.1.25623.1.0.113366
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10068 http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html https://devnet.kentico.com/download/hotfixes#securityBugs-v12