Remote Code Execution Vulnerability in Sitecore Experience Manager and Platform
CVE-2023-35813

9.8CRITICAL

Key Information:

Vendor

Sitecore

Status
Experience Platform
Managed Cloud
Experience Commerce
Experience Manager
Vendor
CVE Published:
17 June 2023

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 93%

What is CVE-2023-35813?

Multiple Sitecore products are susceptible to a remote code execution vulnerability, which could allow an attacker to execute arbitrary code on the affected systems. This issue impacts the Experience Manager, Experience Platform, and Experience Commerce, with known vulnerabilities in versions preceding 10.3. Ensuring timely patching and system updates is crucial for safeguarding your applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-35813
Created by aalexpereira

CVE-2023-35813-PoC
Created by BagheeraAltered

CVE-2023-35813
Created by her3ticAVI

References

https://support.sitecore.com/kb?id=kb_article_view&syspar...

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.