CVE-2023-27068

CVSS V2 None CVSS V3 None

Description

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.

Overview

CVE ID
CVE-2023-27068

Assigner
cve@mitre.org

Vulnerability Status
Received

Published Version
2023-05-23T01:15:09

Last Modified Date
2023-05-23T01:15:09

References

Reference URL	Reference Tags
https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner
https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes
https://www.sitecore.com/products/sitecore-experience-platform

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-27068
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27068

History

Created	Old Value	New Value	Data Type	Notes
2023-05-23 02:00:34				Added to TrackCVE