Zurück zur CVE-Übersicht
CVE-2021-42237
CRITICAL(9.8)KEV — Aktiv ausgenutztCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score84/100 — KRITISCH
- CVSS 9.8 — Kritisch
- EPSS 99% — sehr wahrscheinlich ausgenutzt
- Im CISA KEV-Katalog (aktiv ausgenutzt)
CISA KEV
Bestätigt ausgenutzt
EPSS-Score
99%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.8
Technische Schwere
Beschreibung
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Referenzen
- http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remo...
- https://blog.assetnote.io/2021/11/02/sitecore-rce/
- https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776
- http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remo...
- http://sitecore.com
- https://blog.assetnote.io/2021/11/02/sitecore-rce/
- https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...