← Volver a CVEs
CVE-2021-42237
CRITICALCISA KEV9.8
Descripcion
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado11/5/2021
Ultima modificacion11/10/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorSitecore
ProductoXP
Nombre vulnerabilidadSitecore XP Remote Command Execution Vulnerability
Fecha inclusion KEV2022-03-25
Fecha limite remediacion2022-04-15
Uso en ransomwareKnown
Productos afectados
sitecore:experience_platform
Debilidades (CWE)
CWE-502CWE-502
Referencias
http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html(cve@mitre.org)
http://sitecore.com(cve@mitre.org)
https://blog.assetnote.io/2021/11/02/sitecore-rce/(cve@mitre.org)
http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://sitecore.com(af854a3a-2127-422b-91ae-364da2661108)
https://blog.assetnote.io/2021/11/02/sitecore-rce/(af854a3a-2127-422b-91ae-364da2661108)
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42237(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.