CVE-2024-46938
Published 2024-09-15
Priority: P183 · high · 7.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ITW exploit · VulnCheck KEV · Exploited in the wild
EPSS: 46.08% (98.7th percentile)
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sitecore | experience_commerce | 8.0 – 10.4 | — |
| sitecore | experience_manager | 8.0 – 10.4 | — |
| sitecore | experience_platform | 8.0 – 10.4 | — |
Detection & IOCs (extracted from sources)
sigma
contains(content_type, "text/javascript") AND status_code == 200
- CVE-2024-46938 is an unauthenticated arbitrary file read in Sitecore XP/XM/XC 8.0 through 10.4 Initial Release. The detection logic (taken from the Nuclei template's matchers) targets HTTP responses whose content-type contains 'text/javascript' and that carry a 200 status code, likely reflecting server-side file content being returned to an unauthenticated requester.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| vulncheck | — | 7.5 | HIGH | — |
GHSA
GHSA-5fx5-p3qx-6q26 (ghsa_unreviewed · 2024-09-16) · CVE-2024-46938 · HIGH · CWE-200
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
VulnCheck
Sitecore Experience Platform, Manager, and Commerce Unauthenticated Arbitrary File Read (vulncheck · 2024 · CVE-2024-46938 · HIGH · CVSS 7.5)
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
Affected: Sitecore experience_commerce
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://app.crowdsec.net/cti/cve-explorer/CVE-2024-46938
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-07-20&host_type=src&vulnerability=cve-2024-46938
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?da
No detection rules found.
Nuclei
Sitecore Experience Platform <= 10.4 - Arbitrary File Read (nuclei · CVE-2024-46938 · HIGH · CVSS 7.5)
Template matchers (as extracted; the first matcher line is cut off in the source):

```yaml
    - 'Sitecore Experience Platform ")'
    - 'contains(content_type, "text/javascript")'
    - 'status_code == 200'
  condition: and
# digest: 4a0a0047304502210084aa85f8b4bd2100c14a719786eac5e443e0ee37f8f9e34e4d348b3e588c59b60220386e2a541c5ec16e3d3c8e4336079bb5a6810aa9f3731ed198d2b58c6213a8fb:922c64590222798bb761d5b6d8e72950
```