CVE-2021-42237
- EPSS 94.37%
- Published 05.11.2021 10:15:08
- Last modified 10.11.2025 14:43:39
- Source cve@mitre.org
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Data provided by the National Vulnerability Database (NVD)
Affected configurations (CPE):

| Vendor | Product | Version | Update |
|---|---|---|---|
| Sitecore | Experience Platform | 7.5 | - |
| Sitecore | Experience Platform | 7.5 | update1 |
| Sitecore | Experience Platform | 7.5 | update2 |
| Sitecore | Experience Platform | 8.0 | - |
| Sitecore | Experience Platform | 8.0 | sp1 |
| Sitecore | Experience Platform | 8.0 | update1 |
| Sitecore | Experience Platform | 8.0 | update2 |
| Sitecore | Experience Platform | 8.0 | update3 |
| Sitecore | Experience Platform | 8.0 | update4 |
| Sitecore | Experience Platform | 8.0 | update5 |
| Sitecore | Experience Platform | 8.0 | update6 |
| Sitecore | Experience Platform | 8.0 | update7 |
| Sitecore | Experience Platform | 8.1 | - |
| Sitecore | Experience Platform | 8.1 | update1 |
| Sitecore | Experience Platform | 8.1 | update2 |
| Sitecore | Experience Platform | 8.1 | update3 |
| Sitecore | Experience Platform | 8.2 | - |
| Sitecore | Experience Platform | 8.2 | update1 |
| Sitecore | Experience Platform | 8.2 | update2 |
| Sitecore | Experience Platform | 8.2 | update3 |
| Sitecore | Experience Platform | 8.2 | update4 |
| Sitecore | Experience Platform | 8.2 | update5 |
| Sitecore | Experience Platform | 8.2 | update6 |
| Sitecore | Experience Platform | 8.2 | update7 |
25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: Sitecore XP Remote Command Execution Vulnerability
- Description: Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
- Required action: Apply updates per vendor instructions.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.37% | 1 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.