Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.
References
Link | Resource |
---|---|
https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner | Exploit Third Party Advisory |
https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes | Release Notes |
https://www.sitecore.com/products/sitecore-experience-platform | Product |
Configurations
History
30 May 2023, 18:27
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:* | |
CWE | CWE-502 | |
References | (MISC) https://www.sitecore.com/products/sitecore-experience-platform - Product | |
References | (MISC) https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes - Release Notes | |
References | (MISC) https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner - Exploit, Third Party Advisory |
23 May 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-23 01:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-27068
Mitre link : CVE-2023-27068
CVE.ORG link : CVE-2023-27068
JSON object : View
Products Affected
sitecore
- experience_platform
CWE
CWE-502
Deserialization of Untrusted Data