Lucene search

K
nvd[email protected]NVD:CVE-2023-27067
HistoryMay 22, 2023 - 7:15 p.m.

CVE-2023-27067

2023-05-2219:15:09
CWE-22
web.nvd.nist.gov
5
sitecore
exploit
cve-2023-27067
directory traversal
download.aspx
security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

71.7%

Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx

Affected configurations

Nvd
Node
sitecoreexperience_platformRange10.2
VendorProductVersionCPE
sitecoreexperience_platform*cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

71.7%

Related for NVD:CVE-2023-27067