// For flags

CVE-2023-33651

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-05-22 CVE Reserved
  • 2023-06-06 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2024-11-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-863: Incorrect Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sitecore
Search vendor "Sitecore"
 Experience Commerce
Search vendor "Sitecore" for product "Experience Commerce"
 >= 9.0 <= 10.3
Search vendor "Sitecore" for product "Experience Commerce" and version " >= 9.0 <= 10.3"
-
Affected
Sitecore
Search vendor "Sitecore"
 Experience Manager
Search vendor "Sitecore" for product "Experience Manager"
 >= 9.0 <= 10.3
Search vendor "Sitecore" for product "Experience Manager" and version " >= 9.0 <= 10.3"
-
Affected
Sitecore
Search vendor "Sitecore"
 Experience Platform
Search vendor "Sitecore" for product "Experience Platform"
 >= 9.0 <= 10.3
Search vendor "Sitecore" for product "Experience Platform" and version " >= 9.0 <= 10.3"
-
Affected
Sitecore
Search vendor "Sitecore"
 Managed Cloud
Search vendor "Sitecore" for product "Managed Cloud"
--
Affected