CVE-2021-42237
05.11.2021, 10:15
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.Enginsight
| Vendor | Product | Version |
|---|---|---|
| sitecore | experience_platform | 7.5 |
| sitecore | experience_platform | 7.5:update1 |
| sitecore | experience_platform | 7.5:update2 |
| sitecore | experience_platform | 8.0 |
| sitecore | experience_platform | 8.0:sp1 |
| sitecore | experience_platform | 8.0:update1 |
| sitecore | experience_platform | 8.0:update2 |
| sitecore | experience_platform | 8.0:update3 |
| sitecore | experience_platform | 8.0:update4 |
| sitecore | experience_platform | 8.0:update5 |
| sitecore | experience_platform | 8.0:update6 |
| sitecore | experience_platform | 8.0:update7 |
| sitecore | experience_platform | 8.1 |
| sitecore | experience_platform | 8.1:update1 |
| sitecore | experience_platform | 8.1:update2 |
| sitecore | experience_platform | 8.1:update3 |
| sitecore | experience_platform | 8.2 |
| sitecore | experience_platform | 8.2:update1 |
| sitecore | experience_platform | 8.2:update2 |
| sitecore | experience_platform | 8.2:update3 |
| sitecore | experience_platform | 8.2:update4 |
| sitecore | experience_platform | 8.2:update5 |
| sitecore | experience_platform | 8.2:update6 |
| sitecore | experience_platform | 8.2:update7 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References