Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSitecore Experience Platform
APPSitecore7.58.08.18.2
CISA KEV — detailsi
- Vendori
- Sitecore
- Producti
- XP
- Added to KEVi
- March 25, 2022
- Remediation deadline (US Federal)i
- April 15, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
Related vulnerabilities
Krótki tytuł podatności po polsku (max 80 znaków)
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0...
Unsafe Reflection umożliwiający Cache Poisoning w Sitecore XM/XP
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, ...
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run ...