CVE-2023-33652
First published: Tue Jun 06 2023(Updated: )
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sitecore | =9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Sitecore Experience Platform (XP) vulnerability?
The vulnerability ID for this Sitecore Experience Platform (XP) vulnerability is CVE-2023-33652.
What is the severity of vulnerability CVE-2023-33652?
The severity of vulnerability CVE-2023-33652 is high with a severity value of 8.8.
What is the affected software version for vulnerability CVE-2023-33652?
The affected software version for vulnerability CVE-2023-33652 is Sitecore Experience Platform v9.3.
How does vulnerability CVE-2023-33652 impact Sitecore Experience Platform (XP)?
Vulnerability CVE-2023-33652 impacts Sitecore Experience Platform (XP) by allowing authenticated remote code execution (RCE) via the component /sitecore/shell/Invoke.aspx.
Is there a fix available for vulnerability CVE-2023-33652?
Yes, a fix is available for vulnerability CVE-2023-33652. It is recommended to update Sitecore Experience Platform (XP) to a patched version to mitigate the risk.
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/sitecore
- canonical/sitecore
- version/sitecore/9.3