CVE-2024-46938

EUVD-2024-42151
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
sitecoreexperience_commerce
8.0 ≤
𝑥
≤ 10.4
sitecoreexperience_manager
8.0 ≤
𝑥
≤ 10.4
sitecoreexperience_platform
8.0 ≤
𝑥
≤ 10.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003408