Sitecore

**Name of the Vulnerable Software and Affected Versions** Sitecore JSS React Sample Application versions 11.0.0 through 14.0.1 **Description** An information disclosure issue exists that may allow page content intended for one user to be displayed to another user. **Recommendations** Sitecore JSS React Sample Application versions prior to 14.0.2

**Name of the Vulnerable Software and Affected Versions** Sitecore Experience Manager (XM) versions 9.2 Initial Release through 10.4 Initial Release Sitecore Experience Platform (XP) versions 9.2 Initial Release through 10.4 Initial Release Sitecore Experience Commerce (XC) versions 9.2 Initial Release through 10.4 Initial Release Sitecore Managed Cloud versions 9.2 Initial Release through 10.4 Initial Release **Description** A vulnerability exists that could allow remote code execution or unauthorized access to information. This affects all Experience Platform topologies (XM, XP, XC). PaaS and containerized solutions are similarly affected. **Recommendations** Update Sitecore Experience Manager (XM) to a version later than 10.4 Initial Release. Update Sitecore Experience Platform (XP) to a version later than 10.4 Initial Release. Update Sitecore Experience Commerce (XC) to a version later than 10.4 Initial Release. Update Sitecore Managed Cloud to a version later than 10.4 Initial Release.

**Name of the Vulnerable Software and Affected Versions** Sitecore Experience Manager (XM) versions 8.0 Initial Release through 10.4 Initial Release Sitecore Experience Platform (XP) versions 8.0 Initial Release through 10.4 Initial Release Sitecore Experience Commerce (XC) versions 8.0 Initial Release through 10.4 Initial Release **Description** A vulnerability exists that could allow an unauthenticated attacker to read arbitrary files. This issue affects Content Management (CM) and standalone instances, as well as PaaS and containerized solutions, across all Experience Platform topologies. **Recommendations** Update Sitecore Experience Manager (XM) to a version later than 10.4 Initial Release. Update Sitecore Experience Platform (XP) to a version later than 10.4 Initial Release. Update Sitecore Experience Commerce (XC) to a version later than 10.4 Initial Release.