Sitecore Arbitrary File Read (CVE-2024-46938)

Description

The web application uses Sitecore platform. This version of Sitecore platform has an arbitrary file read vulnerability. Successful exploitation of the vulnerability can result in takeover of the server.

Remediation

Upgrade to the latest version of Sitecore

References

Security Bulletin SC2024-001-619349

Leveraging An Order of Operations Bug to Achieve RCE in Sitecore 8.x - 10.x

Related Vulnerabilities

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-39193)

SharePoint CVE-2019-1201 Vulnerability (CVE-2019-1201)

Python Numeric Errors Vulnerability (CVE-2008-2316)

Sqlite Other Vulnerability (CVE-2019-19959)

MediaWiki CVE-2023-37301 Vulnerability (CVE-2023-37301)

Severity

High

Classification

CVE-2024-46938 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N