CVE-2024-46938 — Vulnetix

CVE-2024-46938 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.

EPSS 93.43% · 99.8th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

93.43%

99.8th percentile

Affected Products

Vendor	Product	Versions
sitecore	experience_commerce	8.0
sitecore	experience_manager	8.0
sitecore	experience_platform	8.0
sitecore	experience_platform	8.0
sitecore	experience_commerce	8.0
sitecore	experience_manager	8.0
n/a	n/a	n/a

Timeline

Sep 15, 2024 CVE Published
Sep 16, 2024 EPSS Score
Sep 17, 2024 CVE Updated
Oct 5, 2024 Coalition ESS Score
Oct 25, 2024 EPSS Score
Nov 14, 2024 EPSS Score
Nov 22, 2024 PoC Published
Nov 22, 2024 PoC Published
Dec 4, 2024 EPSS Score
Dec 13, 2024 EPSS Score
Dec 31, 2024 EPSS Score
Jan 20, 2025 Coalition ESS Score

References

https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003408 url
https://nvd.nist.gov/vuln/detail/CVE-2024-46938 advisory

Open in Interactive Console →