7.5
CVE-2023-33651
- EPSS 0.43%
- Veröffentlicht 06.06.2023 19:15:12
- Zuletzt bearbeitet 08.01.2025 17:15:12
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sitecore ≫ Experience Commerce Version >= 9.0 <= 10.3
Sitecore ≫ Experience Manager Version >= 9.0 <= 10.3
Sitecore ≫ Experience Platform Version >= 9.0 <= 10.3
Sitecore ≫ Managed Cloud Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.621 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.