9 matches found
CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability...
Joint Advisory AA22-279A and Vulristics
Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory CSA AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link for Russia: Americans cant just release a list...
VulnCheck KEV: CVE-2021-42237
Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution...
Sitecore XP Remote Code Execution (CVE-2021-42237)
A remote code execution vulnerability exists in Sitecore XP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Metasploit Wrap-Up
Azure Active Directory login scanner module Community contributor k0pak4 added a new login scanner module for Azure Active Directory. This module exploits a vulnerable authentication endpoint in order to enumerate usernames without generating log events. The error code returned by the endpoint ca...
Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs
Over the weekend of November 6, 2021, Rapid7’s Incident Response IR and Managed Detection and Response MDR teams began seeing opportunistic exploitation of two unrelated CVEs: CVE-2021-40539, a REST API authentication bypass in Zoho’s ManageEngine ADSelfService Plus product that Rapid7 has...
CVE-2021-42237
creationtimestamp| type| source ---|---|--- 2021-11-05 13:25:41+00:00| seen| https://t.me/cibsecurity/31868 2021-11-08 17:26:22+00:00| exploited| https://t.me/BleepingComputer/10895 2021-11-09 17:50:00+00:00| exploited| https://t.me/truesecator/2299 2021-11-15 19:46:09+00:00| seen|...
CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability...
CVE-2021-42237
CVE-2021-42237 – Sitecore XP is an insecure deserialization vulnerability affecting Sitecore Experience Platform 7.5 to 8.2 Update-7, enabling remote code execution without authentication. Concrete details across connected docs show vulnerable versions include Sitecore XP 7.5.x (7.5.0–7.5.2) and ...