CVE-2024-46938

Published Sep 15, 2024

Last updated 5 months ago

Overview

Description: An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-200

Social media

Hype score: Not currently trending
  1. As many people know, @assetnote recently published a blog about a hard #vulnerability, #CVE-2024-46938 in #Sitecore CMS. I found a way to exploit it without any prerequisites. Check it inside https://t.co/64xgdjp94i #reseach #Security https://t.co/VktyQPCV4l

    @realalphaman_, 27 Nov 2024 (69 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  2. Top 5 Trending CVEs: 1 - CVE-2024-46938 2 - CVE-2024-37397 3 - CVE-2024-42477 4 - CVE-2024-11477 5 - CVE-2024-0012 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield, 25 Nov 2024 (31 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  3. Detect Sitecore RCE (CVE-2024-46938) with Nuclei 🚀 📷 Nuclei Template: https://t.co/6wHVISKWl7 by @DhiyaneshDK 📷 Research: https://t.co/jxYMAo8AT2 by @assetnote #hackwithautomation #CyberSecurity #AppSec #BugBounty #bugbountytips https://t.co/E0VOJZOtM8

    @infoalth, 24 Nov 2024 (55 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes)

  4. Detect Sitecore RCE (CVE-2024-46938) with Nuclei 🚀 Nuclei Template - https://t.co/A4Rz7wU6UT #bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding #code #recon #ai #llm

    @bountywriteups, 24 Nov 2024 (1651 Impressions, 3 Retweets, 30 Likes, 12 Bookmarks, 0 Replies, 0 Quotes)

  5. Detect Sitecore RCE (CVE-2024-46938) with Nuclei 🚀 🔹 Nuclei Template: https://t.co/0ZphvIlDdC by @DhiyaneshDK 🔹 Research: https://t.co/xp5Nf5icVm by @assetnote #hackwithautomation #Cybersecurity #AppSec #BugBounty https://t.co/6V12paoFJk

    @pdnuclei, 24 Nov 2024 (11884 Impressions, 60 Retweets, 229 Likes, 92 Bookmarks, 2 Replies, 0 Quotes)

  6. Top 5 Trending CVEs: 1 - CVE-2024-8811 2 - CVE-2024-42477 3 - CVE-2024-8856 4 - CVE-2020-27786 5 - CVE-2024-46938 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield, 24 Nov 2024 (95 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  7. Top 5 Trending CVEs: 1 - CVE-2023-20963 2 - CVE-2024-46938 3 - CVE-2024-52940 4 - CVE-2024-0012 5 - CVE-2024-10220 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield, 23 Nov 2024 (69 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  8. Earlier this year, Assetnote's Security Research team discovered and reported a pre-authentication RCE vulnerability in Sitecore XP (CVE-2024-46938). Through the Assetnote Attack Surface Management platform, our customers were able to quickly detect and remediate this… https://t.

    @assetnote, 22 Nov 2024 (2715 Impressions, 7 Retweets, 49 Likes, 10 Bookmarks, 3 Replies, 0 Quotes)

  9. Earlier this year, @assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE. Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: https://t.co/1N2m42ILDH ht

    @infosec_au, 22 Nov 2024 (14568 Impressions, 61 Retweets, 227 Likes, 89 Bookmarks, 3 Replies, 1 Quote)

Configurations