Critical Sitecore Vulnerability Resolved: Immediate Patch Required for Unauthenticated File Read Risk
Critical Vulnerability in Sitecore Software (SC2024-001-619349) Sitecore has identified and resolved a critical vulnerability (SC2024-001-619349) that poses a risk of unauthenticated arbitrary file reads. A patch is now available to address this issue, and Sitecore strongly urges all customers and partners to promptly apply the fix to all affected instances. Impacted Products The vulnerability affects the following Sitecore products: Experience Manager (XM) Experience Platform (XP) Experience Commerce (XC) Managed Cloud Non-Impacted Products The following Sitecore products are not affected by this vulnerability: XM Cloud Content Hub CDP and Personalize (formerly Boxever) OrderCloud (formerly Four51 OrderCloud) Storefront (formerly Four51 Storefront) Moosend Send Discover (formerly Reflektion) Search Commerce Server Affected Versions The vulnerability impacts all Experience Platform