Vulnerabilities > CVE-2023-33652 - Unsafe Reflection vulnerability in Sitecore Experience Platform 9.3

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sitecore

CWE-470

NVD

Published: 2023-06-06

Updated: 2023-06-14

Summary

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.

Vulnerable Configurations

Part	Description	Count
Application	Sitecore Sitecore Experience Platform 9.3	1

Common Weakness Enumeration (CWE)

CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

References

https://blog.assetnote.io/2023/05/10/sitecore-round-two/