Vulnerability Description
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sitecore | Experience Platform | 7.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-RemoThird Party AdvisoryVDB Entry
- http://sitecore.comVendor Advisory
- https://blog.assetnote.io/2021/11/02/sitecore-rce/ExploitThird Party Advisory
- https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776Vendor Advisory
- http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-RemoThird Party AdvisoryVDB Entry
- http://sitecore.comVendor Advisory
- https://blog.assetnote.io/2021/11/02/sitecore-rce/ExploitThird Party Advisory
- https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource
FAQ
What is CVE-2021-42237?
CVE-2021-42237 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authenticati...
How severe is CVE-2021-42237?
CVE-2021-42237 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-42237?
Check the references section above for vendor advisories and patch information. Affected products include: Sitecore Experience Platform.