RSS   Vulnerabilities for 'Kentico'   RSS

2019-03-26
 
CVE-2019-10068

CWE-502
 

 
An issue was discovered in Kentico before 12.0.15. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.

 
2019-02-08
 
CVE-2019-6242

CWE-255
 

 
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time.

 

 >>> Vendor: Kentico 2 Products
Kentico cms
Kentico


Copyright 2019, cxsecurity.com

 

Back to Top