Описание
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-42237
- https://blog.assetnote.io/2021/11/02/sitecore-rce
- https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42237
- http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html
- http://sitecore.com
Связанные уязвимости
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Уязвимость конфигурации системы управления контентом Sitecore XP, позволяющая нарушителю выполнить произвольный код