CVE-2021-42237

Sitecore XP 7.5 Initial Release through Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack that makes remote command execution on the machine possible. No authentication or special configuration is required to exploit this vulnerability.

  • Published: Nov 5, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-42237
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

Software                          From           Fixed in
sitecore / experience_platform    8.2            8.2.x
sitecore / experience_platform    8.2-update1    8.2-update1.x
sitecore / experience_platform    8.2-update2    8.2-update2.x
sitecore / experience_platform    8.2-update3    8.2-update3.x
sitecore / experience_platform    8.2-update4    8.2-update4.x
sitecore / experience_platform    8.2-update5    8.2-update5.x
sitecore / experience_platform    8.2-update6    8.2-update6.x
sitecore / experience_platform    8.2-update7    8.2-update7.x
sitecore / experience_platform    8.1            8.1.x
sitecore / experience_platform    8.1-update1    8.1-update1.x
sitecore / experience_platform    8.1-update2    8.1-update2.x
sitecore / experience_platform    8.1-update3    8.1-update3.x
sitecore / experience_platform    8.0-update7    8.0-update7.x
sitecore / experience_platform    7.5            7.5.x
sitecore / experience_platform    7.5-update1    7.5-update1.x
sitecore / experience_platform    7.5-update2    7.5-update2.x
sitecore / experience_platform    8.0            8.0.x
sitecore / experience_platform    8.0-sp1        8.0-sp1.x
sitecore / experience_platform    8.0-update1    8.0-update1.x
sitecore / experience_platform    8.0-update2    8.0-update2.x
sitecore / experience_platform    8.0-update3    8.0-update3.x
sitecore / experience_platform    8.0-update4    8.0-update4.x
sitecore / experience_platform    8.0-update5    8.0-update5.x
sitecore / experience_platform    8.0-update6    8.0-update6.x