Vulnerability Description
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sitecore | Experience Commerce | >= 9.0, <= 10.3 |
| Sitecore | Experience Manager | >= 9.0, <= 10.3 |
| Sitecore | Experience Platform | >= 9.0, <= 10.3 |
| Sitecore | Managed Cloud | - |
Related Weaknesses (CWE)
References
- https://blog.assetnote.io/2023/05/10/sitecore-round-two/ExploitThird Party Advisory
- https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925Vendor Advisory
- https://blog.assetnote.io/2023/05/10/sitecore-round-two/ExploitThird Party Advisory
- https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925Vendor Advisory
FAQ
What is CVE-2023-33651?
CVE-2023-33651 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypas...
How severe is CVE-2023-33651?
CVE-2023-33651 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-33651?
Check the references section above for vendor advisories and patch information. Affected products include: Sitecore Experience Commerce, Sitecore Experience Manager, Sitecore Experience Platform, Sitecore Managed Cloud.