Versions affected
Vulnerability SC2016-002-136135 affects all versions of Sitecore 7.2, 7.5, 8.0, 8.1 and 8.2.
This vulnerability impacts all Sitecore systems running the above mentioned versions. This includes CMS-only and xDB enabled modes, single-instance and multi-instance environments, and all Sitecore server roles (content delivery, content management, reporting, processing, publishing, etc). It also impacts Sitecore-based intranet sites.
A hotfix is available for all affected versions.
Versions not affected
Currently supported Sitecore CMS versions 6.3—7.1 are not vulnerable. Sitecore xDB Cloud environments are not affected as appropriate fix has been implemented.
The vulnerability has been fixed in Sitecore XP 8.2 Update-2.