Vulnerability CVE-2023-35813 - Russian Vulnerability Scanner Database

Scores

EPSS

0.935high93.5%

0%20%40%60%80%100%

Percentile: 93.5%

CVSS

9.8critical3.x

0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x

9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.

Sources

nvd

CWEs

CWE-94

Exploits

Exploit ID: CVE-2023-35813

Source: github-poc

URL: https://github.com/Rezy-Dev/CVE-2023-35813

Vulnerable Software (4)

Type: Configuration

Vendor: *

Product: experience_commerce

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:managed_cloud:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: experience_manager

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:managed_cloud:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: experience_platform

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:managed_cloud:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: managed_cloud

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:sitecore:managed_cloud:*:*:*:*:*:*:*:*",      "versionEndIncluding": "10.3",      "versionStartIncluding": "8.2",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list

Russian Vulnerability Scanner Database

CVE-2023-35813

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Exploits

Vulnerable Software (4)