CVE-2023-27068

CRITICAL

9.8

Beschreibung

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht5/23/2023

Zuletzt geandert1/28/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

sitecore:experience_platform

Schwachen (CWE)

CWE-502CWE-502

Referenzen

https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner(cve@mitre.org)

https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes(cve@mitre.org)

https://www.sitecore.com/products/sitecore-experience-platform(cve@mitre.org)

https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner(af854a3a-2127-422b-91ae-364da2661108)

https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes(af854a3a-2127-422b-91ae-364da2661108)

https://www.sitecore.com/products/sitecore-experience-platform(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.