Vulnerability Description
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sitecore | Experience Platform | < 10.2 |
Related Weaknesses (CWE)
References
- https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesignerExploitThird Party Advisory
- https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/SitecoreRelease Notes
- https://www.sitecore.com/products/sitecore-experience-platformProduct
- https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesignerExploitThird Party Advisory
- https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/SitecoreRelease Notes
- https://www.sitecore.com/products/sitecore-experience-platformProduct
FAQ
What is CVE-2023-27068?
CVE-2023-27068 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.
How severe is CVE-2023-27068?
CVE-2023-27068 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-27068?
Check the references section above for vendor advisories and patch information. Affected products include: Sitecore Experience Platform.