What is CVE-2024-46938?

CVE-2024-46938 is a vulnerability in N/a. Published 2024-09-15.

Is CVE-2024-46938 known to be exploited?

14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-46938

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.

EPSS: 0.934 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

12442RF/POC
DMW11525708/wiki
Lern0n/Lernon-POC
Linxloop/fork_
Ostorlab/KEV
adysec/POC
eeeeeeeeee-code/POC
fkie-cad/nvd-json-data-feeds
greenberglinken/2023hvv_
iemotion/POC

References

support.sitecore.com/kb

Frequently asked questions

What is CVE-2024-46938?: CVE-2024-46938 is a vulnerability in N/a. Published 2024-09-15.
Is CVE-2024-46938 known to be exploited?: 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.