Vulnerabilities > CVE-2024-46938 - Unspecified vulnerability in Sitecore products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sitecore

NVD

Published: 2024-09-15

Updated: 2024-09-20

Summary

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.

Vulnerable Configurations

Part	Description	Count
Application	Sitecore Sitecore Experience Commerce 9.0 Sitecore Experience Commerce 10.0 Sitecore Experience Commerce 10.3 Sitecore Experience Platform 8.0 Sitecore Experience Platform 8.1 Sitecore Experience Platform 8.2 Sitecore Experience Platform 9.0 Sitecore Experience Platform 9.1 Sitecore Experience Platform 9.1.1 Sitecore Experience Platform 9.2 Sitecore Experience Platform 9.3 Sitecore Experience Platform 10.0 Sitecore Experience Platform 10.1 Sitecore Experience Platform 10.2 Sitecore Experience Platform 10.3 Sitecore Experience Manager 9.0 Sitecore Experience Manager 9.1 Sitecore Experience Manager 9.2 Sitecore Experience Manager 9.3 Sitecore Experience Manager 10.1 Sitecore Experience Manager 10.2 Sitecore Experience Manager 10.3	55

References

https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003408