Sitecore Arbitrary File Read (CVE-2024-46938) - Vulnerability Database

Sitecore Arbitrary File Read (CVE-2024-46938)

Description

The web application uses Sitecore platform. This version of Sitecore platform has an arbitrary file read vulnerability. Successful exploitation of the vulnerability can result in takeover of the server.

Remediation

Upgrade to the latest version of Sitecore

References

Security Bulletin SC2024-001-619349

Leveraging An Order of Operations Bug to Achieve RCE in Sitecore 8.x - 10.x

Related Vulnerabilities

Severity

High

Classification

CVE-2024-46938

CWE-200

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N