CVE-2021-42237
Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Affected Platforms (CPE)
📦
Sitecore
Experience Platform
= 7.5📦
Sitecore
Experience Platform
= 7.5📦
Sitecore
Experience Platform
= 7.5📦
Sitecore
Experience Platform
= 8.0📦
Sitecore
Experience Platform
= 8.0📦
Sitecore
Experience Platform
= 8.0📦
Sitecore
Experience Platform
= 8.0📦
Sitecore
Experience Platform
= 8.0📦
Sitecore
Experience Platform
= 8.0📦
Sitecore
Experience Platform
= 8.0📦
Sitecore
Experience Platform
= 8.0📦
Sitecore
Experience Platform
= 8.0📦
Sitecore
Experience Platform
= 8.1📦
Sitecore
Experience Platform
= 8.1📦
Sitecore
Experience Platform
= 8.1📦
Sitecore
Experience Platform
= 8.1📦
Sitecore
Experience Platform
= 8.2📦
Sitecore
Experience Platform
= 8.2📦
Sitecore
Experience Platform
= 8.2📦
Sitecore
Experience Platform
= 8.2📦
Sitecore
Experience Platform
= 8.2📦
Sitecore
Experience Platform
= 8.2📦
Sitecore
Experience Platform
= 8.2📦
Sitecore