An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
References
| Link | Resource |
|---|---|
| https://blog.assetnote.io/2023/05/10/sitecore-round-two/ | Exploit Third Party Advisory |
| https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Jun 2023, 16:54
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://blog.assetnote.io/2023/05/10/sitecore-round-two/ - Exploit, Third Party Advisory | |
| References | (MISC) https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CPE | cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:* cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:* cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:* cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:* |
|
| CWE | CWE-863 |
06 Jun 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-06 19:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-33651
Mitre link : CVE-2023-33651
CVE.ORG link : CVE-2023-33651
JSON object : View
Products Affected
sitecore
- managed_cloud
- experience_commerce
- experience_manager
- experience_platform
CWE
CWE-863
Incorrect Authorization