CVE-2021-42237

Vulnerability Profile Updated 3 months ago

Download STIX

Preview STIX

CVE-2021-42237 is a software vulnerability discovered in Sitecore XP, a popular content management system. This flaw was one of several exploited by the cybercriminal group known as Gold Melody between July 2020 and July 2022. The group targeted internet-exposed servers, using these vulnerabilities as initial access points for their attacks. Secureworks, a cybersecurity company, linked Gold Melody to five intrusions during this two-year period. The attackers leveraged a variety of software flaws, including those impacting Oracle E-Business Suite (CVE-2016-0545), Apache Struts (CVE-2017-5638), Sitecore XP (CVE-2021-42237), and Flexera FlexNet (CVE-2021-4104) among others. These attacks involved exploiting known vulnerabilities to gain initial access to systems and networks. The attacks orchestrated by Gold Melody demonstrated a broad knowledge of different software vulnerabilities and a strategic approach to exploiting them. In addition to CVE-2021-42237, the gang also exploited other known vulnerabilities in Oracle E-Business and WebLogic, Apache Struts, Log4j, JBoss MQ Java Message Service, and Citrix ShareFile. Secureworks' engagements with the threat actors revealed the tools and tactics used across these attacks, highlighting the need for robust security measures and regular patching to address such vulnerabilities.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apache

Log4j

Apache Struts

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
CVE-2021-4104	Unspecified	1	CVE-2021-4104 is a software vulnerability identified in Flexera's FlexNet. This flaw in the software design or implementation can be exploited by attackers to gain unauthorized access to systems running the affected software. The vulnerability was one of several security flaws used by Gold Melody, a
CVE-2016-0545	Unspecified	1	CVE-2016-0545 is a software vulnerability that affects the Oracle E-Business Suite. It is a flaw in the software's design or implementation that potentially allows unauthorized access or manipulation of data. This vulnerability was one of several exploited by the group known as Gold Melody between J
CVE-2020-14882	Unspecified	1	None
CVE-2020-14750	Unspecified	1	None
CVE-2017-5638	Unspecified	1	CVE-2017-5638 is a significant vulnerability found in Apache Struts, a widely used open-source framework for developing Java web applications. This flaw in software design or implementation allowed attackers to remotely execute commands on the server running the vulnerable application, leading to po
CVE-2017-7504	Unspecified	1	CVE-2017-7504 is a significant software vulnerability identified in the JBoss MQ Java Message Service (JMS). This flaw, rooted in software design and implementation, allows for deserialization attacks when exploited on an internet-exposed server. The vulnerability has been abused by malicious actors
CVE-2021-22941	Unspecified	1	CVE-2021-22941 is a significant software vulnerability identified in Citrix ShareFile, which allows for remote code execution (RCE). This flaw was exploited by the threat actor group known as GOLD MELODY, also referred to as PROPHET SPIDER. The group has been linked to various attacks exploiting sec
Log4Shell	Unspecified	1	Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent

Source Document References

Information about the CVE-2021-42237 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
CERT-EU	10 months ago	Gold Melody Attacking Organizations With Burp Extension, Mimikatz, and Other Tools
DARKReading	10 months ago	'Gold Melody' Access Broker Plays on Unpatched Servers' Strings
CERT-EU	10 months ago	GOLD MELODY: Profile of an Initial Access Broker
CERT-EU	10 months ago	Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
CERT-EU	10 months ago	Gold Melody IAB exploits flaws in Oracle, Apache, Sitecore software to hack into corporate networks
CISA	a year ago	Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA
CISA	a year ago	Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA