Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:6 p.m.10 views

CVE-2021-42237

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability...

10CVSS7.5AI score0.97904EPSS
Exploits4
Information Security Automation
Information Security Automation
added 2022/10/21 8:10 p.m.161 views

Joint Advisory AA22-279A and Vulristics

Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory CSA AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link for Russia: Americans cant just release a list...

10CVSS1.1AI score0.99999EPSS
Exploits973
VulnCheck KEV
VulnCheck KEV
added 2022/03/25 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-42237

Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution...

10CVSS7.7AI score0.97904EPSS
Exploits4References1
Check Point Advisories
Check Point Advisories
added 2022/02/06 12:0 a.m.49 views

Sitecore XP Remote Code Execution (CVE-2021-42237)

A remote code execution vulnerability exists in Sitecore XP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.2AI score0.97904EPSS
Exploits4
Rapid7 Blog
Rapid7 Blog
added 2021/11/19 7:51 p.m.68 views

Metasploit Wrap-Up

Azure Active Directory login scanner module Community contributor k0pak4 added a new login scanner module for Azure Active Directory. This module exploits a vulnerable authentication endpoint in order to enumerate usernames without generating log events. The error code returned by the endpoint ca...

10CVSS8.1AI score0.97904EPSS
Exploits16
Rapid7 Blog
Rapid7 Blog
added 2021/11/09 4:59 p.m.158 views

Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs

Over the weekend of November 6, 2021, Rapid7’s Incident Response IR and Managed Detection and Response MDR teams began seeing opportunistic exploitation of two unrelated CVEs: CVE-2021-40539, a REST API authentication bypass in Zoho’s ManageEngine ADSelfService Plus product that Rapid7 has...

10CVSS9.8AI score0.9896EPSS
Exploits12
Circl
Circl
added 2021/11/05 1:25 p.m.27 views

CVE-2021-42237

creationtimestamp| type| source ---|---|--- 2021-11-05 13:25:41+00:00| seen| https://t.me/cibsecurity/31868 2021-11-08 17:26:22+00:00| exploited| https://t.me/BleepingComputer/10895 2021-11-09 17:50:00+00:00| exploited| https://t.me/truesecator/2299 2021-11-15 19:46:09+00:00| seen|...

10CVSS7.5AI score0.97904EPSS
In wildExploits4References12
CVE
CVE
added 2021/11/05 9:51 a.m.1169 views

CVE-2021-42237

CVE-2021-42237 – Sitecore XP is an insecure deserialization vulnerability affecting Sitecore Experience Platform 7.5 to 8.2 Update-7, enabling remote code execution without authentication. Concrete details across connected docs show vulnerable versions include Sitecore XP 7.5.x (7.5.0–7.5.2) and ...

10CVSS9.7AI score0.97904EPSS
In wildExploits4References4Affected Software1
Vulnrichment
Vulnrichment
added 2021/11/05 9:51 a.m.11 views

CVE-2021-42237

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability...

7.4AI score0.97904EPSS
Exploits4References3
Rows per page
Query Builder