CVE-2021-42237

Published: Nov 5, 2021Modified: Nov 10, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

Affected (24)

Products: Sitecore: Experience Platform

Sitecore

1 product

Experience Platform

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Sitecore Experience Platform	Version 7.5
Sitecore Experience Platform	Version 7.5 update1
Sitecore Experience Platform	Version 7.5 update2
Sitecore Experience Platform	Version 8.0
Sitecore Experience Platform	Version 8.0 sp1
Sitecore Experience Platform	Version 8.0 update1
Sitecore Experience Platform	Version 8.0 update2
Sitecore Experience Platform	Version 8.0 update3
Sitecore Experience Platform	Version 8.0 update4
Sitecore Experience Platform	Version 8.0 update5
Sitecore Experience Platform	Version 8.0 update6
Sitecore Experience Platform	Version 8.0 update7
Sitecore Experience Platform	Version 8.1
Sitecore Experience Platform	Version 8.1 update1
Sitecore Experience Platform	Version 8.1 update2
Sitecore Experience Platform	Version 8.1 update3
Sitecore Experience Platform	Version 8.2
Sitecore Experience Platform	Version 8.2 update1
Sitecore Experience Platform	Version 8.2 update2
Sitecore Experience Platform	Version 8.2 update3
Sitecore Experience Platform	Version 8.2 update4
Sitecore Experience Platform	Version 8.2 update5
Sitecore Experience Platform	Version 8.2 update6
Sitecore Experience Platform	Version 8.2 update7