CVE-2023-27068

CRITICAL

9.8

Description

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie5/23/2023

Derniere modification1/28/2025

Sourcenvd

Observations honeypot0

Produits affectes

sitecore:experience_platform

Faiblesses (CWE)

CWE-502CWE-502

References

https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner(cve@mitre.org)

https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes(cve@mitre.org)

https://www.sitecore.com/products/sitecore-experience-platform(cve@mitre.org)

https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner(af854a3a-2127-422b-91ae-364da2661108)

https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes(af854a3a-2127-422b-91ae-364da2661108)

https://www.sitecore.com/products/sitecore-experience-platform(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.