CVE-2023-33651
📊 7.5 HIGH | ⚡ 0.4% | 🎯 0 exploits
📅 Published Jun 6, 2023
📋 Status: Modified
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
CVSS v3.1 • NVD
🎯 Affected Products & Systems
4 product configurations affected
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
| 📱 App | sitecore | experience commerce | ≥ 9.0 ∧ ≤ 10.3 | Vulnerable | cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:* |
| 📱 App | sitecore | experience manager | ≥ 9.0 ∧ ≤ 10.3 | Vulnerable | cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:* |
| 📱 App | sitecore | experience platform | ≥ 9.0 ∧ ≤ 10.3 | Vulnerable | cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:* |
| 📱 App | sitecore | managed cloud | All versions | Vulnerable | cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:* |
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges: NONE
User Interaction: NONE
Confidentiality: HIGH
Integrity: NONE
Availability: NONE
Scope: UNCHANGED
🔍 Technical Details
Analysis Status: Modified
CVSS Details: 7.5 (HIGH) v3.1
Source: [email protected]
EPSS Details: 0.4% (Minimal), 59.6th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date: Jun 6, 2023 (2 years ago)
Last Modified: Jan 8, 2025 (9 months ago)
Security Weaknesses (2)
CWE-863
References (2)
NVD (general)