CVE-2021-42237

Description

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-42237
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-42237

Refrence: Project Discovery GitHub

ItsIgnacioPortal

An exploit/PoC for CVE-2021-42237

Refrence: GitHub

vesperp

Refrence: GitHub

crankyyash

For detection of sitecore RCE - CVE-2021-42237

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept