Overview
- Description
- Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- Sitecore XP Remote Command Execution Vulnerability
- Exploit added on
- Mar 25, 2022
- Exploit action due
- Apr 15, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- CWE-502
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:7.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DA5CB16-F850-41CC-9629-22A27A7D116B"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:7.5:update1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADC6C446-A985-465A-9FBE-5FCEE9C6CBD6"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:7.5:update2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB23F608-4B01-4D54-8A1E-E15BEE609FA2"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE208FB9-A66E-4073-AD2F-DC56FDBDE127"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6454C19-10B4-48C3-A263-9334E594164B"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:update1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E192728C-7ED3-4A49-953E-E123160965F6"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:update2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B59B52C9-788F-4F31-9426-001AEFAEB8F0"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:update3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4D47317-4E1F-4C2E-BD56-960BFD6947BD"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:update4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D36C9AB3-B22F-4C47-B92D-03D95E3C8137"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:update5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2DC3A72-1BAE-44C6-877A-8AC4398425A8"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:update6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB53F79E-FA06-423C-B9BC-96AF052726B9"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:update7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08DD78DD-3686-48C9-A896-CF1CFDD2FCBC"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9362ED8-9012-4771-BED2-501921784E5F"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.1:update1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47CB90D7-CC2C-4A5C-99DC-5C52A4A3E188"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.1:update2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17E8CD1F-2D60-4E4A-BAA4-80165910058B"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.1:update3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2B4B37E-265B-40BB-ADD9-856F751322C6"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65E69221-68EE-4D8F-829B-12C96C197C0C"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:update1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "218E38E2-FBF3-4E75-8507-5BD425FA4F81"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:update2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C754113-6D8E-4B0D-872C-266088B27362"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:update3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA0A84E9-0B8D-4755-AF70-59207CEDCC08"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:update4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F73BF18-6D89-4663-AA37-56FC976A0EE8"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:update5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7CDCFB0-9C38-46CA-A2C3-6A18F4B9A224"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:update6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "496F293C-F7ED-411A-8498-9B93FDC350C1"
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:update7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "402BC64F-A66E-426B-ACB9-F65AB857006B"
}
],
"operator": "OR"
}
]
}
]