← Voltar para CVEs
CVE-2021-42237
CRITICALCISA KEV9.8
Descricao
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado11/5/2021
Ultima modificacao11/10/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorSitecore
ProdutoXP
Nome da vulnerabilidadeSitecore XP Remote Command Execution Vulnerability
Data inclusao KEV2022-03-25
Prazo de remediacao2022-04-15
Uso em ransomwareKnown
Produtos afetados
sitecore:experience_platform
Fraquezas (CWE)
CWE-502CWE-502
Referencias
http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html(cve@mitre.org)
http://sitecore.com(cve@mitre.org)
https://blog.assetnote.io/2021/11/02/sitecore-rce/(cve@mitre.org)
http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://sitecore.com(af854a3a-2127-422b-91ae-364da2661108)
https://blog.assetnote.io/2021/11/02/sitecore-rce/(af854a3a-2127-422b-91ae-364da2661108)
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42237(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.