CVE-2024-46938
HIGH EXPLOITED NUCLEI
Sitecore Experience Commerce < 10.4 - Information Disclosure
Title source: ruleDescription
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
Nuclei Templates (1)
Sitecore Experience Platform <= 10.4 - Arbitrary File Read
HIGH VERIFIED by DhiyaneshDK
Shodan:
http.title:"sitecore"
FOFA:
title="sitecore"
Scores
CVSS v3
7.5
EPSS
0.9343
EPSS Percentile
99.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2025-06-07
CWE
CWE-200
Status
published
Products (3)
sitecore/experience_commerce
8.0 - 10.4
sitecore/experience_manager
8.0 - 10.4
sitecore/experience_platform
8.0 - 10.4
Published
Sep 15, 2024
Tracked Since
Feb 18, 2026