Description

The web application uses Sitecore platform. This version of Sitecore platform has an arbitrary file read vulnerability. Successful exploitation of the vulnerability can result in takeover of the server.

Remediation

Upgrade to the latest version of Sitecore

References

Security Bulletin SC2024-001-619349

Leveraging An Order of Operations Bug to Achieve RCE in Sitecore 8.x - 10.x

Related Vulnerabilities

ownCloud Other Vulnerability (CVE-2012-5057)

TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-12747)

Moodle Other Vulnerability (CVE-2006-4786)

Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-35944)

WebLogic CVE-2023-22089 Vulnerability (CVE-2023-22089)

Severity

High

Classification

CVE-2024-46938 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Arbitrary File Read Known Vulnerabilities