CVE-2021-42237

Published: 05/11/2021 Updated: 03/12/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

Vulnerable Product

sitecore experience platform 7.5

sitecore experience platform 8.0

sitecore experience platform 8.1

sitecore experience platform 8.2

GitHub Repositories

CVE-2021-42237-SiteCore-XP: Same as before, put the URLs to be checked in target.txt. Register on a DNSLOG platform and change it yourself.

An exploit/PoC for CVE-2021-42237

CVE-2021-42237: This is an exploit/PoC for CVE-2021-42237 taken from: This Assetnote report. DISCLAIMER: I'm not associated with Assetnote in any way or form. This content is provided for educational purposes only. Make sure to replace CMD-COMMAND-HERE, as well as the Host, from the PoC below: POST /sitecore/shell/ClientBin/Reporting/Report.ashx HTTP/1.1 Host: sitecoreloca

For detection of sitecore RCE - CVE-2021-42237

SiteCore-RCE-Detection: For detection of sitecore RCE - CVE-2021-42237. Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237. Relies on Sitecore version detection and the response when a request is made to the vulnerable Report.ashx via GET and POST. The script takes a file containing a list of URLs in the format www.url.com on each line. Usage: python3 check-for-sitecore-rce.py -h python