Versions affected
Vulnerability SC2019-001-302938 affects all versions of Sitecore XP 8.2, all versions of XP 9.0, and the Initial Release of XP 9.1.
The vulnerability applies to all Sitecore systems running affected versions. This includes CMS-only and xDB-enabled modes, single-instance and multi-instance environments, Managed Cloud environments, and all Sitecore server roles (content delivery, content editing, reporting, processing, publishing, etc.), which are exposed to the internet and have the pages under the /sitecore/admin path accessible to Sitecore users.
A hotfix/patch is available for all affected Sitecore XP versions.
Versions not affected
Sitecore CMS/XP versions 6.3—8.1 are not vulnerable.
Sitecore xDB Cloud environments are not affected.
The issue has been fixed in Sitecore XP 9.1 Update-1.