CVE-2023-27068

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx...

CVE-2023-27068

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx...

CVE-2023-27068

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx...

Deserialization of untrusted data

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx...

CVE-2023-27068

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx...

CVE-2023-27068

CVE-2023-27068 affects Sitecore Experience Platform (XP) up to and including version 10.2. The issue is a deserialization of untrusted data via ValidationResult.aspx that enables remote code execution. Remediation: upgrade to Sitecore XP 10.2 or later (per PT-2023-20930). No exploitation details ...

PT-2023-20930 · Sitecore · Sitecore Experience Platform

Name of the Vulnerable Software and Affected Versions: Sitecore Experience Platform versions prior to 10.2 Description: The issue allows remote attackers to run arbitrary code. This is due to the deserialization of untrusted data. The exploitation occurs via ValidationResult.aspx. Recommendations...