An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
References
Link | Resource |
---|---|
https://blog.assetnote.io/2023/05/10/sitecore-round-two/ | Exploit Third Party Advisory |
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925 | Vendor Advisory |
History
21 Nov 2024, 08:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.assetnote.io/2023/05/10/sitecore-round-two/ - Exploit, Third Party Advisory | |
References | () https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925 - Vendor Advisory | |
16 Jun 2023, 16:54
Type | Values Removed | Values Added |
---|---|---|
First Time | Sitecore experience Manager, Sitecore experience Platform, Sitecore, Sitecore experience Commerce, Sitecore managed Cloud | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.5 |
CWE | CWE-863 | |
References | (MISC) https://blog.assetnote.io/2023/05/10/sitecore-round-two/ - Exploit, Third Party Advisory | |
References | (MISC) https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925 - Vendor Advisory | |
CPE | cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:* cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:* cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:* cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:* |
06 Jun 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-06 19:15
Updated : 2024-11-21 08:05
NVD link : CVE-2023-33651
Mitre link : CVE-2023-33651
CVE.ORG link : CVE-2023-33651
Products Affected
sitecore
- managed_cloud
- experience_manager
- experience_platform
- experience_commerce
CWE
CWE-863
Incorrect Authorization