1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Sitecore XP Remote Command Execution Vulnerability

Known Exploited Vulnerabilities CVE-2021-42237

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-42237 Sitecore XP Remote Command Execution Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE 2021-42237related to a remote code execution vulnerability through insecure deserialization.
References
  1. https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3181261/nsa-cisa-fbi-reveal-top-cves-exploited-by-chinese-state-sponsored-actors/
  2. https://www.cyber.gov.au/acsc/view-all-content/alerts/active-exploitation-vulnerable-sitecore-experience-platform-content-management-systems
  3. https://www.bleepingcomputer.com/news/security/sitecore-xp-rce-flaw-patched-last-month-now-actively-exploited/