CVE-2024-46938

EUVD-2024-42151
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
sitecoreexperience_commerce
8.0 ≤
𝑥
≤ 10.4
sitecoreexperience_manager
8.0 ≤
𝑥
≤ 10.4
sitecoreexperience_platform
8.0 ≤
𝑥
≤ 10.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
sitecoreexperience_platform
8.0 ≤
𝑥
< 10.4
ADP
sitecoreexperience_manager
8.0 ≤
𝑥
< 10.4
ADP
sitecoreexperience_commerce
8.0 ≤
𝑥
< 10.4
ADP
Common Weakness Enumeration
References
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003408