Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2021-42237 | Sitecore XP Remote Command Execution Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE 2021-42237related to a remote code execution vulnerability through insecure deserialization.
References
|