An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
[
{
"cpes": [
"cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*"
],
"vendor": "sitecore",
"product": "experience_platform",
"versions": [
{
"status": "affected",
"version": "8.0",
"lessThan": "10.4",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*"
],
"vendor": "sitecore",
"product": "experience_manager",
"versions": [
{
"status": "affected",
"version": "8.0",
"lessThan": "10.4",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*"
],
"vendor": "sitecore",
"product": "experience_commerce",
"versions": [
{
"status": "affected",
"version": "8.0",
"lessThan": "10.4",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]