Directory Traversal Vulnerability in Sitecore Experience Platform
CVE-2023-27066

6.5MEDIUM

Key Information:

Vendor: Sitecore
Status: Experience Platform
Vendor: CVE Published:; 22 May 2023

What is CVE-2023-27066?

A directory traversal vulnerability in Sitecore Experience Platform version 10.2 and earlier enables authenticated remote attackers to exploit the URL handling feature. This flaw allows the attackers to gain unauthorized access to files on the server, potentially downloading sensitive information that should be protected. Proper safeguarding measures and timely updates are essential to mitigate the risk associated with this vulnerability.

References

https://dev.sitecore.net/Downloads/Sitecore%20Experience%...

https://blogs.night-wolf.io/0-day-vulnerabilities-at-site...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2023
Vulnerability Reserved
Feb 27, 2023