CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-42237

CVSS 9.8v3.1pub. 2021-11-05upd. 2026-07-05

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sitecore Experience Platform

    APP
    Sitecore
    7.58.08.18.2

CISA KEV — detailsi

Vendori
Sitecore
Producti
XP
Added to KEVi
March 25, 2022
Remediation deadline (US Federal)i
April 15, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 15 kwietnia 2022
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2025-53690CRITICAL9.0⚠ KEVPL ✓ten sam produkt

Krótki tytuł podatności po polsku (max 80 znaków)

CVE-2019-9874CRITICAL9.8⚠ KEVten sam produkt

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0...

CVE-2025-53693CRITICAL9.8PL ✓ten sam produkt

Unsafe Reflection umożliwiający Cache Poisoning w Sitecore XM/XP

CVE-2023-35813CRITICAL9.8ten sam produkt

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, ...

CVE-2023-27068CRITICAL9.8ten sam produkt

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run ...