CVE-2021-42237
Sitecore XP Remote Command Execution Vulnerability
CVSS
9.8
Crítico
EPSS
97.9%
p100
KEV
SÍ
25 mar 2022
Exploit Today
80
0-100
Publicado: 5 nov 2021 · Última mod.: 9 jul 2026 · CWE-502
Producto
Sitecore / XP
Vulnerabilidad
Sitecore XP Remote Command Execution Vulnerability
Añadido a KEV
25 mar 2022
Remediar antes de
15 abr 2022
Uso conocido en ransomware
Sí
Descripción resumida
Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
- packetstormsecurity.comhttp://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html
- blog.assetnote.iohttps://blog.assetnote.io/2021/11/02/sitecore-rce/
- support.sitecore.comhttps://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776
- packetstormsecurity.comhttp://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html
- blog.assetnote.iohttps://blog.assetnote.io/2021/11/02/sitecore-rce/
- support.sitecore.comhttps://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776
- www.cisa.govhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42237