Security Bulletin SC2016-003-136430

  • We are reporting a Critical vulnerability (SC2016-003-136430) in an open source component, Sitecore PowerShell Extensions, on which the Sitecore Experience Accelerator depends. You are also at risk if you have used the open source Sitecore PowerShell Extensions module in other projects.

    Please note that the Sitecore PowerShell Extensions module is not distributed with Sitecore software and is not a part of the default Sitecore Installation.

    We encourage Sitecore customers and partners to familiarize themselves with the information below and apply the recommended fix to all affected Sitecore systems.

    If you would like to receive notifications about new Security Bulletins, please subscribe to the Security Bulletins RSS Feed.

  • Versions affected

    Vulnerability 2016-003-136430 affects the following versions of Sitecore that have the Sitecore PowerShell Extensions module installed:

    • All versions of Sitecore 7.0—8.2 with Sitecore PowerShell Extensions versions 3.0—4.2
    • All versions of Sitecore 6.x—7.x with Sitecore PowerShell Extensions up to version 2.8

    This vulnerability impacts all Sitecore systems running the above-mentioned versions. This includes CMS-only and xDB-enabled modes, single-instance and multi-instance environments, and all Sitecore server roles (content delivery, content management, reporting, processing, publishing, etc.). It also impacts Sitecore-based intranet sites.

    • 11-Sep-19: A link to the Security Bulletins RSS Feed was added.
    • 24-Dec-19: The Applies To field was updated to correspond to the article text.

Applies to:

CMS 6.0 - 8.2, SXA 1+

December 13, 2016
December 24, 2019

Reference number:



  • Security Vulnerabilities
  • SXA