Lucene search

[email protected]CVE-2023-27067

HistoryMay 22, 2023 - 7:15 p.m.

CVE-2023-27067

2023-05-2219:15:09

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-27067

directory traversal

sitecore experience platform

nvd

vulnerability

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx

Affected configurations

NVD

Node

sitecoreexperience_platformRange≤10.2

CPENameOperatorVersion
sitecore:experience_platformsitecore experience platformle10.2

CPE	Name	Operator	Version
sitecore:experience_platform	sitecore experience platform	le	10.2

References

blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner

dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for CVE-2023-27067

prion1 nvd1 cvelist1