Deserialization Vulnerability in Sitecore Experience Platform 10.2
CVE-2023-27068

9.8CRITICAL

Key Information:

Vendor: Sitecore
Status: Experience Platform
Vendor: CVE Published:; 23 May 2023

What is CVE-2023-27068?

The Sitecore Experience Platform version 10.2 is susceptible to a deserialization vulnerability that enables remote attackers to execute arbitrary code. This flaw occurs through the improper handling of untrusted data in the ValidationResult.aspx endpoint, potentially allowing an attacker to gain unauthorized control over the affected system. Users and administrators of the Sitecore Experience Platform should apply necessary security patches and follow best practices to mitigate the risk of exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://dev.sitecore.net/Downloads/Sitecore%20Experience%...

https://www.sitecore.com/products/sitecore-experience-pla...

https://blogs.night-wolf.io/0-day-vulnerabilities-at-site...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 23, 2023
Vulnerability Reserved
Feb 27, 2023

JSON

Sitecore

What is CVE-2023-27068?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.