Vulnerabilities > CVE-2023-33651 - Incorrect Authorization vulnerability in Sitecore products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sitecore

CWE-863

NVD

Published: 2023-06-06

Updated: 2023-06-16

Summary

An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.

Vulnerable Configurations

Part	Description	Count
Application	Sitecore Sitecore Experience Commerce 9.0 Sitecore Experience Commerce 10.0 Sitecore Experience Commerce 10.3 Sitecore Experience Manager 9.0 Sitecore Experience Manager 9.1 Sitecore Experience Manager 9.2 Sitecore Experience Manager 9.3 Sitecore Experience Manager 10.1 Sitecore Experience Manager 10.2 Sitecore Experience Manager 10.3 Sitecore Experience Platform 9.0 Sitecore Experience Platform 9.1 Sitecore Experience Platform 9.1.1 Sitecore Experience Platform 9.2 Sitecore Experience Platform 9.3 Sitecore Experience Platform 10.0 Sitecore Experience Platform 10.1 Sitecore Experience Platform 10.2 Sitecore Experience Platform 10.3 Sitecore Managed Cloud -	34

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References