Versions affected
Vulnerability SC2020-002-293863 affects the following Sitecore XP versions:
- Sitecore XP 9.1 Initial Release
- Sitecore XP 9.0 Update-2
- Sitecore XP 9.0 Update-1
- Sitecore XP 9.0 Initial Release
This includes CMS-only and xDB-enabled modes, single-instance and multi-instance environments, Managed Cloud environments, and all Sitecore server roles (content delivery, content editing, reporting, processing, publishing, etc.).
A hotfix is available for all affected Sitecore XP versions.
Versions not affected
Sitecore XP versions 9.1 Update-1 and later are not affected by this vulnerability.
Sitecore XP versions 8.2 and earlier are not affected by this vulnerability.
Important note!
Sitecore XP versions 8.2 and earlier are affected by the related Critical vulnerability SC2019-002-312864. Sitecore recommends immediately applying a fix for Critical vulnerability SC2019-002-312864 which is documented in Security Bulletin SC2019-002-312864