CVE-2023-35813

Name of the Vulnerable Software and Affected Versions Sitecore Experience Manager versions through 10.3 Sitecore Experience Platform versions through 10.3 Sitecore Experience Commerce versions through 10.3

Description Multiple Sitecore products are affected by a remote code execution issue. This allows for the execution of arbitrary code on affected systems. An actor is actively exploiting this issue, with detections observed from AS 55836 (Reliance Jio Infocomm Limited) using NetNut Residential Proxy addresses. A state health corporation with annual revenue between $1 and $1.5 billion USD has been targeted, and details about the exploitation of the ASP.NET TemplateParser are available. The vulnerability resides in the processing of ASP.NET templates. The TemplateParser component is vulnerable. No specific API endpoints or vulnerable parameters are mentioned.

Recommendations For Sitecore Experience Manager versions through 10.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Sitecore Experience Platform versions through 10.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Sitecore Experience Commerce versions through 10.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.