cve-2021-42237
Vulnerability from cvelistv5
Published
2021-11-05 09:51
Modified
2025-02-03 15:38
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
References
cve@mitre.orghttp://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://sitecore.comVendor Advisory
cve@mitre.orghttps://blog.assetnote.io/2021/11/02/sitecore-rce/Exploit, Third Party Advisory
cve@mitre.orghttps://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://sitecore.comVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.assetnote.io/2021/11/02/sitecore-rce/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776Vendor Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-03-25

Due date: 2022-04-15

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-42237

Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:30:37.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sitecore.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1000776"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.assetnote.io/2021/11/02/sitecore-rce/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-42237",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-03T14:09:16.771279Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-42237"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-03T15:38:21.811Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-16T17:06:15.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sitecore.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1000776"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.assetnote.io/2021/11/02/sitecore-rce/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-42237",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sitecore.com",
              "refsource": "MISC",
              "url": "http://sitecore.com"
            },
            {
              "name": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1000776",
              "refsource": "MISC",
              "url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1000776"
            },
            {
              "name": "https://blog.assetnote.io/2021/11/02/sitecore-rce/",
              "refsource": "MISC",
              "url": "https://blog.assetnote.io/2021/11/02/sitecore-rce/"
            },
            {
              "name": "http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-42237",
    "datePublished": "2021-11-05T09:51:18.000Z",
    "dateReserved": "2021-10-11T00:00:00.000Z",
    "dateUpdated": "2025-02-03T15:38:21.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-42237",
      "cwes": "[\"CWE-502\"]",
      "dateAdded": "2022-03-25",
      "dueDate": "2022-04-15",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-42237",
      "product": "XP",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.",
      "vendorProject": "Sitecore",
      "vulnerabilityName": "Sitecore XP Remote Command Execution Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-42237\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-11-05T10:15:08.240\",\"lastModified\":\"2025-02-03T16:15:31.637\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Sitecore XP Versi\u00f3n Inicial 7.5 a Sitecore XP 8.2 Update-7, es vulnerable a un ataque de deserializaci\u00f3n no segura donde es posible lograr una ejecuci\u00f3n de comandos remotos en la m\u00e1quina. No es requerida ninguna autenticaci\u00f3n ni configuraci\u00f3n especial para explotar esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-03-25\",\"cisaActionDue\":\"2022-04-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Sitecore XP Remote Command Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:7.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DA5CB16-F850-41CC-9629-22A27A7D116B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:7.5:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADC6C446-A985-465A-9FBE-5FCEE9C6CBD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:7.5:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB23F608-4B01-4D54-8A1E-E15BEE609FA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE208FB9-A66E-4073-AD2F-DC56FDBDE127\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6454C19-10B4-48C3-A263-9334E594164B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E192728C-7ED3-4A49-953E-E123160965F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B59B52C9-788F-4F31-9426-001AEFAEB8F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4D47317-4E1F-4C2E-BD56-960BFD6947BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D36C9AB3-B22F-4C47-B92D-03D95E3C8137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2DC3A72-1BAE-44C6-877A-8AC4398425A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.0:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB53F79E-FA06-423C-B9BC-96AF052726B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.0:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"08DD78DD-3686-48C9-A896-CF1CFDD2FCBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9362ED8-9012-4771-BED2-501921784E5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.1:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"47CB90D7-CC2C-4A5C-99DC-5C52A4A3E188\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.1:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"17E8CD1F-2D60-4E4A-BAA4-80165910058B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.1:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2B4B37E-265B-40BB-ADD9-856F751322C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"65E69221-68EE-4D8F-829B-12C96C197C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.2:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"218E38E2-FBF3-4E75-8507-5BD425FA4F81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.2:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C754113-6D8E-4B0D-872C-266088B27362\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.2:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA0A84E9-0B8D-4755-AF70-59207CEDCC08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.2:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F73BF18-6D89-4663-AA37-56FC976A0EE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.2:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7CDCFB0-9C38-46CA-A2C3-6A18F4B9A224\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.2:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"496F293C-F7ED-411A-8498-9B93FDC350C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sitecore:experience_platform:8.2:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"402BC64F-A66E-426B-ACB9-F65AB857006B\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://sitecore.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.assetnote.io/2021/11/02/sitecore-rce/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1000776\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://sitecore.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.assetnote.io/2021/11/02/sitecore-rce/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1000776\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://sitecore.com\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1000776\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://blog.assetnote.io/2021/11/02/sitecore-rce/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T03:30:37.679Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-42237\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-03T14:09:16.771279Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-42237\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T15:31:51.933Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"http://sitecore.com\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1000776\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://blog.assetnote.io/2021/11/02/sitecore-rce/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2021-11-16T17:06:15.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://sitecore.com\", \"name\": \"http://sitecore.com\", \"refsource\": \"MISC\"}, {\"url\": \"https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1000776\", \"name\": \"https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1000776\", \"refsource\": \"MISC\"}, {\"url\": \"https://blog.assetnote.io/2021/11/02/sitecore-rce/\", \"name\": \"https://blog.assetnote.io/2021/11/02/sitecore-rce/\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html\", \"name\": \"http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-42237\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-42237\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-03T15:38:21.811Z\", \"dateReserved\": \"2021-10-11T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2021-11-05T09:51:18.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.