CVE-2021-42237
Sitecore XP Remote Command Execution Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Sitecore XP 7.5 Initial Release through Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack in which remote command execution on the machine can be achieved. No authentication or special configuration is required to exploit this vulnerability.
Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-10-11 CVE Reserved
- 2021-11-05 CVE Published
- 2022-01-16 First Exploit
- 2022-03-25 Exploited in Wild
- 2022-04-15 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-11-22 EPSS Updated
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/ItsIgnacioPortal/CVE-2021-42237 | 2022-01-16 | |
https://github.com/vesperp/CVE-2021-42237-SiteCore-XP | 2022-06-30 | |
https://blog.assetnote.io/2021/11/02/sitecore-rce | 2024-08-04 |
URL | Date | SRC |
---|---|---|
http://sitecore.com | 2021-12-03 | |
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776 | 2021-11-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sitecore | Experience Platform | 7.5 | - | Affected |
Sitecore | Experience Platform | 7.5 | update1 | Affected |
Sitecore | Experience Platform | 7.5 | update2 | Affected |
Sitecore | Experience Platform | 8.0 | - | Affected |
Sitecore | Experience Platform | 8.0 | sp1 | Affected |
Sitecore | Experience Platform | 8.0 | update1 | Affected |
Sitecore | Experience Platform | 8.0 | update2 | Affected |
Sitecore | Experience Platform | 8.0 | update3 | Affected |
Sitecore | Experience Platform | 8.0 | update4 | Affected |
Sitecore | Experience Platform | 8.0 | update5 | Affected |
Sitecore | Experience Platform | 8.0 | update6 | Affected |
Sitecore | Experience Platform | 8.0 | update7 | Affected |
Sitecore | Experience Platform | 8.1 | - | Affected |
Sitecore | Experience Platform | 8.1 | update1 | Affected |
Sitecore | Experience Platform | 8.1 | update2 | Affected |
Sitecore | Experience Platform | 8.1 | update3 | Affected |
Sitecore | Experience Platform | 8.2 | - | Affected |
Sitecore | Experience Platform | 8.2 | update1 | Affected |
Sitecore | Experience Platform | 8.2 | update2 | Affected |
Sitecore | Experience Platform | 8.2 | update3 | Affected |
Sitecore | Experience Platform | 8.2 | update4 | Affected |
Sitecore | Experience Platform | 8.2 | update5 | Affected |
Sitecore | Experience Platform | 8.2 | update6 | Affected |
Sitecore | Experience Platform | 8.2 | update7 | Affected |