Unauthenticated File Read Vulnerability in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC)
CVE-2024-46938

7.5HIGH

Key Information:

Vendor: Sitecore
Status: Experience Commerce; Experience Platform; Experience Manager
Vendor: CVE Published:; 15 September 2024

What is CVE-2024-46938?

A vulnerability exists in the Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) from version 8.0 Initial Release through 10.4 Initial Release, where an unauthenticated attacker can exploit this flaw to read arbitrary files on the server. This exposure can lead to unauthorized data access, potentially compromising sensitive information contained within the affected systems. Organizations utilizing these versions are advised to implement necessary security measures and monitor for unusual access patterns to mitigate risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://support.sitecore.com/kb?id=kb_article_view&syspar...

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2024
Vulnerability Reserved
Sep 15, 2024

JSON

Sitecore

What is CVE-2024-46938?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.