The Australian Cyber Security Center (ACSC) is alerting web admins of the active exploitation of CVE-2021-42237, a remote code execution flaw in the Sitecore Experience Platform (Sitecore XP).
Sitecore XP is an enterprise-level content management system (CMS) with built-in data analytics, used by well-known companies including American Express, IKEA, Carnival Cruise Lines, L’Oréal, and Volvo.
On October 13th, Sitecore disclosed and released a patch for a pre-authentication remote code execution vulnerability tracked as CVE-2021-42237 affecting the Sitecore Experience Platform.
Last week, cybersecurity firm Assetnote published a technical write-up on the vulnerability, giving attackers the details needed to build exploits and actively target vulnerable websites.
“There is active exploitation of a vulnerability occurring in certain versions of Sitecore Experience Platform systems. Affected Australian organisations should apply the available security update,” warned the ACSC in a new advisory released Friday.
The vulnerable Sitecore XP component used in the attacks is Report.ashx, which provides a high-level view of analytics, engagement, and SEO success.
“This issue is related to a remote code execution vulnerability through insecure deserialization in the Report.ashx file. This file was used to drive the Executive Insight Dashboard (of Silverlight report) that was deprecated in 8.0 Initial Release,” explains Sitecore in their security advisory.
The vulnerability does not require authentication, and it allows any remote attacker to exploit a vulnerable server and gain complete control over it.
However, after Microsoft deprecated Silverlight, Sitecore deprecated this functionality in Sitecore XP 8.0, so only specific platform versions are affected by the vulnerability.
The Sitecore XP versions affected by the RCE vulnerability are:
This vulnerability affects all versions of Sitecore XP, including all “single-instance and multi-instance environments, Managed Cloud environments, and all Sitecore server roles (Content Delivery, Content Editing, Reporting, Processing, etc.), which are exposed to the Internet.”
The recommended solution is to upgrade to a secure version, ideally Sitecore XP 9.0 or higher.
Alternatively, you can mitigate the flaw by deleting the Report.ashx file from “/sitecore/shell/ClientBin/Reporting/Report.ashx” on all server instances.
For more details on mitigating the Sitecore XP CVE-2021-42237 vulnerability and how it affects your installed version, you can review Sitecore’s security bulletin.
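Because the Report.ashx handler was deprecated years ago, requests to it on an Internet-facing Sitecore XP server are worth triaging, and IIS logs are the place to look while the patch or file removal is rolled out. The following script is an added example written for this article, not code from BleepingComputer, Sitecore, or the ACSC: it parses IIS W3C-format log lines (using the `#Fields:` header to map columns), flags every request whose URI stem matches the Report.ashx path from Sitecore's mitigation advice, and counts hits per client address. The log lines are constructed sample data, not captured traffic; a hit is an indicator for investigation, not proof of compromise.

```python
"""Flag requests to the deprecated Sitecore Report.ashx handler in IIS W3C logs.

Added example, not part of the original article. The log format is the
standard IIS W3C extended format; the handler path comes from Sitecore's
mitigation advice quoted in the article. SAMPLE_LOG is constructed data.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List

# Path named in Sitecore's mitigation guidance (lower-cased: IIS paths are
# case-insensitive, so attackers may vary the casing).
REPORT_HANDLER = "/sitecore/shell/clientbin/reporting/report.ashx"

# Constructed sample log; the IPs and user agents are illustrative only.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2021-11-05 10:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-11-05 10:00:01 10.0.0.5 GET /sitecore/login - 443 - 198.51.100.7 Mozilla/5.0 200
2021-11-05 10:00:02 10.0.0.5 POST /sitecore/shell/ClientBin/Reporting/Report.ashx - 443 - 203.0.113.9 python-requests/2.26 200
2021-11-05 10:00:03 10.0.0.5 GET /en/products - 443 - 198.51.100.8 Mozilla/5.0 200
2021-11-05 10:00:04 10.0.0.5 POST /Sitecore/Shell/ClientBin/Reporting/Report.ashx - 443 - 203.0.113.9 curl/7.79 500
"""


@dataclass
class Hit:
    """One request to the Report.ashx handler."""
    timestamp: str
    client_ip: str
    method: str
    uri: str
    status: str
    user_agent: str


def parse_w3c(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields: List[str] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header may repeat mid-file; re-read it
            continue
        if line.startswith("#"):
            continue  # other directive lines (#Software, #Date, ...)
        values = line.split(" ")
        if not fields or len(values) != len(fields):
            continue  # truncated or malformed line; skip rather than misalign
        yield dict(zip(fields, values))


def find_report_ashx_requests(lines: Iterable[str]) -> List[Hit]:
    """Return every request whose URI stem is the deprecated Report.ashx handler."""
    hits: List[Hit] = []
    for rec in parse_w3c(lines):
        if rec.get("cs-uri-stem", "").lower() != REPORT_HANDLER:
            continue
        hits.append(Hit(
            timestamp=f'{rec.get("date", "")} {rec.get("time", "")}',
            client_ip=rec.get("c-ip", ""),
            method=rec.get("cs-method", ""),
            uri=rec.get("cs-uri-stem", ""),
            status=rec.get("sc-status", ""),
            user_agent=rec.get("cs(User-Agent)", ""),
        ))
    return hits


def hits_per_client(hits: List[Hit]) -> Dict[str, int]:
    """Count Report.ashx requests per source address for triage."""
    return dict(Counter(h.client_ip for h in hits))


if __name__ == "__main__":
    found = find_report_ashx_requests(SAMPLE_LOG.splitlines())
    for h in found:
        print(f"{h.timestamp} {h.client_ip} {h.method} {h.uri} -> {h.status} ({h.user_agent})")
    print("per client:", hits_per_client(found))
```

To run it against a real server, replace `SAMPLE_LOG.splitlines()` with the opened log file (IIS writes them under `%SystemDrive%\inetpub\logs\LogFiles\` by default). The status code is deliberately not used as a filter: a 500 can mean a failed attempt just as easily as a 200 means a successful one, so both are reported.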