Lucene search

[email protected]NVD:CVE-2024-46938

HistorySep 15, 2024 - 10:15 p.m.

CVE-2024-46938

2024-09-1522:15:09

CWE-200

[email protected]

web.nvd.nist.gov

sitecore platform

unauthenticated access

arbitrary file read

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.6%

JSON

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.

References

support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003408

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.6%

JSON

Related for NVD:CVE-2024-46938

vulnrichment1 cvelist1 cve1