CVE-2024-46938

high-risk

Published 2024-09-15

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.

Do I need to act?

93.4% chance of exploitation in next 30 days

EPSS score — higher than 7% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (3)

Experience Commerce

Experience Manager

Experience Platform

Affected Vendors

Sitecore

References (1)

Vendor Advisory https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003408

/ 100

high-risk

Severity 26/34 · High

Exploitability 20/34 · Moderate

Exposure 9/34 · Low