Unauthenticated File Read Vulnerability in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC)
CVE-2024-46938

7.5HIGH

Key Information:

Vendor: Sitecore
Status: Experience Commerce; Experience Platform; Experience Manager
Vendor: CVE Published:; 15 September 2024

What is CVE-2024-46938?

A vulnerability exists in the Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) from version 8.0 Initial Release through 10.4 Initial Release, where an unauthenticated attacker can exploit this flaw to read arbitrary files on the server. This exposure can lead to unauthorized data access, potentially compromising sensitive information contained within the affected systems. Organizations utilizing these versions are advised to implement necessary security measures and monitor for unusual access patterns to mitigate risk.

References

https://support.sitecore.com/kb?id=kb_article_view&syspar...

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2024
Vulnerability Reserved
Sep 15, 2024