Vulnerabilities > Sitecore > Rocks

DATE CVE VULNERABILITY TITLE RISK
2019-05-29 CVE-2019-12440 Improper Authentication vulnerability in Sitecore Rocks
The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.
network
low complexity
sitecore CWE-287
7.5