LNG LogoLNG Logo
    • Enterprise App Development
    • Product Architecture Design
    • Data Engineering & Analytics
    • Cloud Consulting Services
    • AI-Enabled Applications
    • Remote Engineering Teams
    • UI/UX Design
    • Data Migration
    • Big Data
    • DevOps Solutions
    • Banking
    • Ecommerce
    • Fintech
    • Healthcare
    • Hospitality
    • Manufacturing
    • Telecom
    • Travel
    • Education
    • Cross-Platform & Web Development
    • Digital Experience Platform
    • Enterprise Technologies
    • Modern Frontend Interface
    • About Us
    • Blog
    • Our Team
    • Careers
    • Success Stories
Let's Talk !

Sitecore Vulnerability Fixed: Security Update | L&G

By: Koushik MukherjeeAugust 6, 2024

Critical Vulnerability in Sitecore Software (SC2024-001-619349)

Sitecore has identified and resolved a critical vulnerability (SC2024-001-619349) that poses a risk of unauthenticated arbitrary file reads. A patch is now available to address this issue, and Sitecore strongly urges all customers and partners to promptly apply the fix to all affected instances.

Impacted Products

The vulnerability affects the following Sitecore products:

  • Experience Manager (XM)
  • Experience Platform (XP)
  • Experience Commerce (XC)
  • Managed Cloud

Non-Impacted Products

The following Sitecore products are not affected by this vulnerability:

  • XM Cloud
  • Content Hub
  • CDP and Personalize (formerly Boxever)
  • OrderCloud (formerly Four51 OrderCloud)
  • Storefront (formerly Four51 Storefront)
  • Moosend
  • Send
  • Discover (formerly Reflektion)
  • Search
  • Commerce Server

Affected Versions

The vulnerability impacts all Experience Platform topologies (XM, XP, XC) from version 8.0 Initial Release to 10.4 Initial Release. This includes Content Management (CM) and Standalone instances, PaaS solutions, and containerized solutions. Managed Cloud customers running the affected Experience Platform versions are also impacted, specifically CM and Standalone Managed Cloud instances.

Solution

To mitigate the issue, Sitecore recommends applying the following patch to affected systems:

  1. For Versions 9.1 to 10.4 Initial Release:
    • Download and unpack the Sitecore.Support.619349.zip archive.
    • Place the Sitecore.Support.619349.dll in the \bin folder.
    • Place the Sitecore.Support.619349.config in the \App_Config\Include\zzz folder.
  2. For Versions 9.0.2 and Earlier:
    • Download and unpack the Sitecore.Support.61934-8.0.0-9.0.2.0.zip archive.
    • Place the Sitecore.Support.619349.dll in the \bin folder.
    • Place the Sitecore.Support.619349.config in the \App_Config\Include\zzz folder.

Sitecore is currently preparing hotfixes, which will be available soon.

Important Information

  • The vulnerability impacts only the Content Management (CM) and Standalone roles within Sitecore XP.
  • In the Azure Marketplace, hotfixes are not automatically rolled out and must be applied manually.
  • Versions 9.0.2 and earlier have entered the Sustaining Support Phase, and Sitecore does not provide hotfix packages for them. Therefore, Sitecore recommends upgrading to later versions and applying the corresponding hotfix.

 To ensure the security of your Sitecore instances, apply the necessary patches immediately and keep your environments up to date with the latest security fixes. Stay vigilant and proactive in maintaining the integrity of your Sitecore deployments.

For more information, please visit this Sitecore KB article


Security IssueSitecoreSitecore SecuritySitecore Vulnerability
Two CMSs, One Website: Managing Routing During WordPress to Sitecore MigrationJune 17, 2026Mastering Identity Resolution in Sitecore CDP: Anonymous to Known VisitorsMay 25, 2026

Let's Innovate, Collaborate, Build Your Product Together!

We turn your unique ideas into exceptional results. Contact us to
scale your tech capacity and accelerate business growth.

Let's Talk!
Where We Are

Our Global Presence

Delivering world-class digital solutions from three strategic locations across the globe.

South AfricaSouth Africa
ZACape Town

4th Floor, Mutual Park, Pinelands, Capetown, South Africa - 7405.

UAEUAE
AEDubai

FZCO 421, Dubai Commercity, Dubai, United Arab Emirates.

IndiaIndia
INAmritsar

SCO 6, Floor - 5, Dua Square, Ranjit Avenue, Block - B, Amritsar, Punjab, India - 143002

Logo

AI-Fuelled software agency, helping business professionals to thrive. Trusted by global leaders.

Company

  • About Us
  • Blog
  • Our Term
  • Careers
  • Success Stories

Services

  • AI-Enabled Applications
  • Big Data
  • Cloud Consulting Services
  • Data Engineering & Analytics
  • Data Migration
  • DevOps Solutions
  • Enterprise Application Development
  • Product Architecture Design
  • Remote Engineering Teams
  • UI/UX Design

Industries

  • Banking
  • Ecommerce
  • Fintech
  • Healthcare
  • Hospitality
  • Manufacturing
  • Telecom
  • Travel & Transport
  • Education

Technologies

  • Cross-Platform and Web Development
  • Digital Experience Platform
  • Enterprise Technologies
  • Modern Frontend Interface
Logo

AI-Fuelled software agency, helping business professionals to thrive. Trusted by global leaders.

Company
  • About Us
  • Blog
  • Our Term
  • Careers
  • Success Stories
Services
  • AI-Enabled Applications
  • Big Data
  • Cloud Consulting Services
  • Data Engineering & Analytics
  • Data Migration
  • DevOps Solutions
  • Enterprise Application Development
  • Product Architecture Design
  • Remote Engineering Teams
  • UI/UX Design
Industries
  • Banking
  • Ecommerce
  • Fintech
  • Healthcare
  • Hospitality
  • Manufacturing
  • Telecom
  • Travel & Transport
  • Education
Technologies
  • Cross-Platform and Web Development
  • Digital Experience Platform
  • Enterprise Technologies
  • Modern Frontend Interface

Copyright © 2026 L&G Consultancy. All Rights Reserved.
Privacy PolicyTerms and Conditions
Company Image