CVE-2024-46938

Published: Sep 15, 2024Modified: Sep 20, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.

Affected (3)

Products: Sitecore: Experience Commerce, Experience Manager, Experience Platform

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Sitecore Experience Commerce	From 8.0 to 10.4
Sitecore Experience Manager	From 8.0 to 10.4
Sitecore Experience Platform	From 8.0 to 10.4

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003408

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.