PT-2023-24433 · Sitecore · Sitecore Experience Platform

Dylan Pindur

Publicado

2023-06-06

Atualizado

2025-01-08

CVE-2023-33652

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sitecore Experience Platform (XP) version 9.3

Description The issue is an authenticated remote code execution (RCE) vulnerability. It can be exploited via the component /sitecore/shell/Invoke.aspx.

Recommendations For Sitecore Experience Platform (XP) version 9.3, consider restricting access to the /sitecore/shell/Invoke.aspx component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-470

Identificadores relacionados

CVE-2023-33652

Produtos afetados

Sitecore Experience Platform

PT-2023-24433 · Sitecore · Sitecore Experience Platform

CVE-2023-33652

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5