An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
References
Link | Resource |
---|---|
https://blog.assetnote.io/2023/05/10/sitecore-round-two/ | Exploit Third Party Advisory |
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925 | Vendor Advisory |
History
16 Jun 2023, 16:54
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 | |
CVSS | v2 : v3 : | v2 : unknown v3 : 7.5 |
CPE | cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:* cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:* cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:* cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:* | |
First Time | Sitecore experience Platform, Sitecore managed Cloud, Sitecore experience Manager, Sitecore, Sitecore experience Commerce | |
References | (MISC) https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925 - Vendor Advisory | |
References | (MISC) https://blog.assetnote.io/2023/05/10/sitecore-round-two/ - Exploit, Third Party Advisory |
06 Jun 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-06 19:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-33651
Mitre link : CVE-2023-33651
CVE.ORG link : CVE-2023-33651
Products Affected
sitecore
- managed_cloud
- experience_platform
- experience_manager
- experience_commerce
CWE
CWE-863
Incorrect Authorization