First published: 05 Nov 2021
Last updated: 05 Nov 2021

Content written for

Large organisations & infrastructure
Government

Background / What has happened?

Proof of concept exploit code has been released for a remote code execution vulnerability (CVE-2021-42237) in certain versions of the Sitecore Experience Platform (Sitecore XP) content management system. Successful exploitation of this vulnerability results in remote code execution, which could allow an internet-based actor to install malware or webshells and perform other actions.

This vulnerability was previously identified by Sitecore in an October security bulletin, and a security update and other mitigations were made available.

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of active exploitation of this vulnerability in Australia.

Mitigation / How do I stay secure?

Australian organisations who utilise Sitecore XP should consult the Sitecore security bulletin, review the patch level of any Sitecore XP instances and ensure they are updated to the latest version. Sitecore also identifies other mitigations which can be applied.

Australian organisations who have identified an internet-exposed Sitecore XP instance vulnerable to CVE-2021-42237 should review logs for signs of malicious activity targeting the vulnerable Report.ashx file outlined in the Sitecore security bulletin.
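
One way to carry out the log review described above, as an added example that is not part of this advisory or of Sitecore's guidance: it scans IIS W3C extended logs for requests whose path ends in Report.ashx and groups them by client, method and status for triage. It assumes the instance logs through IIS in W3C format; the log lines, the `PLACEHOLDER` path and the IP addresses are constructed, and the real path should be taken from the Sitecore bulletin.

```python
import collections

TARGET = "report.ashx"  # file name from the advisory; the full path is in the Sitecore bulletin

# Constructed sample in IIS W3C extended format (placeholder path, documentation IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2021-11-01 02:14:07 198.51.100.23 GET /index.aspx - 200
2021-11-01 02:14:09 203.0.113.50 POST /PLACEHOLDER/Report.ashx - 200
2021-11-01 02:14:11 203.0.113.50 POST /PLACEHOLDER/REPORT.ASHX - 500
2021-11-01 02:15:30 198.51.100.23 GET /PLACEHOLDER/Report.ashx.bak - 404
#Fields: date time cs-method cs-uri-stem sc-status c-ip
2021-11-02 10:00:00 GET /placeholder/report.ashx 404 192.0.2.77
"""

def find_hits(lines, target=TARGET):
    """Yield one dict per request whose URI stem ends with the target file name."""
    fields = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                    # truncated or malformed row
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "").lower()
        if stem.rsplit("/", 1)[-1] == target:   # case-insensitive, exact file name
            yield row

def summarise(hits):
    """Count hits per (client IP, method, status) so repeat sources stand out."""
    return collections.Counter(
        (h.get("c-ip", "?"), h.get("cs-method", "?"), h.get("sc-status", "?"))
        for h in hits)

if __name__ == "__main__":
    summary = summarise(find_hits(SAMPLE_LOG.splitlines()))
    for (ip, method, status), n in summary.most_common():
        print(f"{ip:15} {method:5} {status} x{n}")
```

To run it over real logs, pass an open log file to `find_hits` instead of the sample string; any hit on an instance that was unpatched at the time warrants a closer look at that client's other requests.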

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1 (1300 292 371).
