CVE-2023-33651

An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.

Published: Jun 6, 2023
Updated: Jun 17, 2023
CVE: CVE-2023-33651
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
sitecore / experience_commerce	9.0	10.3.x
sitecore / experience_manager	9.0	10.3.x
sitecore / experience_platform	9.0	10.3.x

https://blog.assetnote.io/2023/05/10/sitecore-round-two/
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002925

Vulnerability Database

289,871

CVE-2023-33651