CVE-2021-42237

CRITICAL KEV RANSOMWARE NUCLEI

Sitecore Experience Platform - Insecure Deserialization

Title source: rule

Description

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

Exploits (6)

nomisec WORKING POC 1 stars
by vesperp · remote
https://github.com/vesperp/CVE-2021-42237-SiteCore-XP
nomisec SCANNER
by crankyyash · poc
https://github.com/crankyyash/SiteCore-RCE-Detection
vulncheck_xdb WORKING POC
remote
https://github.com/ItsIgnacioPortal/CVE-2021-42237
inthewild WORKING POC
poc
https://github.com/pinkdev1/cve-2021-42237
inthewild WORKING POC
poc
https://github.com/itsignacioportal/cve-2021-42237
metasploit WORKING POC EXCELLENT
by AssetNote, gwillcox-r7 · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sitecore_xp_cve_2021_42237.rb

Nuclei Templates (1)

Sitecore Experience Platform Pre-Auth RCE
CRITICAL by pdteam
Shodan: http.title:"SiteCore" || http.title:"sitecore"
FOFA: title="sitecore"

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.9437
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2022-03-25
VulnCheck KEV 2022-03-25
InTheWild.io 2021-11-05
ENISA EUVD EUVD-2021-29215
Ransomware Use Confirmed
CWE
CWE-502
Status published
Products (4)
sitecore/experience_platform 7.5 (3 CPE variants)
sitecore/experience_platform 8.0 (9 CPE variants)
sitecore/experience_platform 8.1 (4 CPE variants)
sitecore/experience_platform 8.2 (8 CPE variants)
Published Nov 05, 2021
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026