Sitecore XP Deserialization RCE (CVE-2021-42237) - Vulnerability Database

Description

Sitecore XP is a .NET content management system.

Sitecore XP uses unsafe deserialization in Report.ashx. Arbitrary object deserialization is inherently unsafe and should never be performed on untrusted data. An attacker can leverage this vulnerability to execute arbitrary code on the system.

Remediation

Upgrade to the latest version of Sitecore XP.
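
To see whether the handler has been requested on a server, its web logs can be searched for Report.ashx. The following is an added example, not code from Invicti or Sitecore: it assumes IIS W3C-format logs, parses them by their #Fields header, and groups requests for the handler by client address. The log lines and paths are constructed, and the match is on file name only because this page does not give the handler's full path.

```python
from collections import defaultdict

HANDLER = "report.ashx"  # handler named in the advisory; matched by file name only

# Constructed sample in IIS W3C extended format (not real traffic or real paths).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2021-11-08 10:01:12 GET /index.aspx 198.51.100.7 200
2021-11-08 10:02:40 POST /example/path/Report.ashx 203.0.113.50 200
2021-11-08 10:02:41 POST /example/path/Report.ashx 203.0.113.50 500
2021-11-08 10:05:03 GET /example/path/report.ashx 198.51.100.7 404
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2021-11-08 10:09:55 192.0.2.33 POST /other/REPORT.ASHX 200
2021-11-08 10:10:02 192.0.2.33 POST /myreport.ashx.bak 404
"""

def find_handler_requests(lines):
    """Return log records whose URI stem ends in the handler file name."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")        # W3C logs encode spaces in values as '+'
        if len(values) != len(fields):
            continue                    # truncated or malformed record
        rec = dict(zip(fields, values))
        name = rec.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower()
        if name == HANDLER:             # exact file name, case-insensitive
            hits.append(rec)
    return hits

def summarize(hits):
    """Group hits by client IP -> list of (date, time, method, status)."""
    by_ip = defaultdict(list)
    for r in hits:
        by_ip[r.get("c-ip", "?")].append(
            (r.get("date"), r.get("time"), r.get("cs-method"), r.get("sc-status")))
    return dict(by_ip)

if __name__ == "__main__":
    for ip, events in summarize(find_handler_requests(SAMPLE_LOG.splitlines())).items():
        print(ip, len(events), events)
```
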