
CISA Adds Two Six-Year-Old Sitecore Vulnerabilities to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security vulnerabilities affecting Sitecore's CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities include CVE-2019-9874 (CVSS score: 9.8), a deserialization flaw in Sitecore.Security.AntiCSRF. These vulnerabilities pose a high risk of active exploitation.