CVE-2021-42237 is a software vulnerability discovered in Sitecore XP, a popular content management system. This flaw was one of several exploited by the cybercriminal group known as Gold Melody between July 2020 and July 2022. The group targeted internet-exposed servers, using these vulnerabilities as initial access points for their attacks.
Secureworks, a cybersecurity company, linked Gold Melody to five intrusions during this two-year period. The attackers leveraged a variety of software flaws, including those impacting Oracle E-Business Suite (CVE-2016-0545), Apache Struts (CVE-2017-5638), Sitecore XP (CVE-2021-42237), and Flexera FlexNet (CVE-2021-4104), among others. In each case, a known vulnerability was exploited to gain initial access to systems and networks.
The attacks orchestrated by Gold Melody demonstrated a broad knowledge of different software vulnerabilities and a strategic approach to exploiting them. In addition to CVE-2021-42237, the gang exploited other known vulnerabilities in Oracle E-Business and WebLogic, Apache Struts, Log4j, JBoss MQ Java Message Service, and Citrix ShareFile. Secureworks' engagements with the threat actors revealed the tools and tactics used across these attacks, highlighting the need for robust security measures and regular patching to address such vulnerabilities.
Description last updated: 2024-05-04T20:35:54.968Z