Versions affected:
Vulnerability 2017-001-170504 affects all supported versions of the Sitecore Web Experience Manager and Sitecore® Experience Platform™ 6.5–8.2, and the Sitecore xDB Cloud environment. Versions after 8.2 Update-4 are not affected, and do not require a hotfix.
This vulnerability affects all of the Sitecore systems running these versions. This includes both CMS-only and xDB-enabled modes, single-instance, multi-instance environments, and all Sitecore server roles (Content Delivery, Content Management, Reporting, Processing, Publishing, and so on). It also impacts Sitecore-based intranet sites.
With the exception of Sitecore CMS 6.5, a hotfix is available for all affected versions. Sitecore xDB Cloud environments have been patched.
Due to technical limitations in providing a hotfix for Sitecore CMS 6.5, customers using that version are strongly encouraged to upgrade to Sitecore CMS 6.6, which is the earliest currently supported version of Sitecore.