CVE-2023-35813
📊 9.8 CRITICAL⚡ 93.5%🎯 2 exploits
📅 Published Jun 17, 2023
📋 Status: Modified
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
CVSS v3.1 • NVD
🎯 Affected Products & Systems
4 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | sitecore | experience commerce | ≥ 8.2 ∧ ≤ 10.3 | Vulnerable | cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:* |
📱App | sitecore | experience manager | ≥ 8.2 ∧ ≤ 10.3 | Vulnerable | cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:* |
📱App | sitecore | experience platform | ≥ 8.2 ∧ ≤ 10.3 | Vulnerable | cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:* |
📱App | sitecore | managed cloud | ≥ 8.2 ∧ ≤ 10.3 | Vulnerable | cpe:2.3:a:sitecore:managed_cloud:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: ≥ 8.2 ∧ ≤ 10.3
CPE:
cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: ≥ 8.2 ∧ ≤ 10.3
CPE:
cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: ≥ 8.2 ∧ ≤ 10.3
CPE:
cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: ≥ 8.2 ∧ ≤ 10.3
CPE:
cpe:2.3:a:sitecore:managed_cloud:*:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
ModifiedCVSS Details
9.8 (CRITICAL)v3.1
Source: [email protected]
EPSS Details
93.5% (Critical)99.8th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Jun 17, 2023 (2 years ago)
Last Modified
Dec 17, 2024 (10 months ago)
Security Weaknesses2
CWE-94
Available exploits (2)
References2
NVDpatch