CVE-2024-46938
📊 7.5 HIGH⚡ 93.4%🎯 0 exploits
📅 Published Sep 15, 2024
📋 Status: Analyzed
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
CVSS v3.1 • NVD
🎯 Affected Products & Systems
3 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | sitecore | experience commerce | ≥ 8.0 ∧ ≤ 10.4 | Vulnerable | cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:* |
📱App | sitecore | experience manager | ≥ 8.0 ∧ ≤ 10.4 | Vulnerable | cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:* |
📱App | sitecore | experience platform | ≥ 8.0 ∧ ≤ 10.4 | Vulnerable | cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: ≥ 8.0 ∧ ≤ 10.4
CPE:
cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: ≥ 8.0 ∧ ≤ 10.4
CPE:
cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: ≥ 8.0 ∧ ≤ 10.4
CPE:
cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
NONE
Availability:
NONE
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
7.5 (HIGH)v3.1
Source: [email protected]
EPSS Details
93.4% (Critical)99.8th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date
Sep 15, 2024 (1 year ago)
Last Modified
Sep 20, 2024 (1 year ago)
Security Weaknesses2
CWE-200
References2
NVDgeneral