Insecure Deserialization Attack in Sitecore XP 7.5 to 8.2 Update-7: Remote Command Execution Vulnerability

Insecure Deserialization Attack in Sitecore XP 7.5 to 8.2 Update-7: Remote Command Execution Vulnerability

CVE-2021-42237 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

Learn more about our Web Application Penetration Testing UK.