Versions affected
Vulnerability SC2016-001-128003 affects all versions of Sitecore XP 7.5, all versions of XP 8.0, all versions of XP 8.1, and Initial Release of XP 8.2.
Vulnerability is applicable to all Sitecore systems running affected versions. This includes CMS-only and xDB-enabled modes, single-instance and multi-instance environments, and all Sitecore server roles (content delivery, content editing, reporting, processing, publishing, etc.). It is also applicable to non-externally accessible Sitecore environments, such as intranets.
A hotfix is available for all affected Sitecore versions.
Versions not affected
Currently supported Sitecore CMS versions 6.3—7.2 are not vulnerable.
The vulnerability has been fixed in Sitecore XP 8.2 Update-1.
Sitecore xDB Cloud environments are not affected as appropriate fix has already been implemented.