CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-39271

OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.04

EPSS Ranking 87.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html
https://seclists.org/fulldisclosure/2021/Aug/24
https://www.bscw.de/en/company/
http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html
https://seclists.org/fulldisclosure/2021/Aug/24
https://www.bscw.de/en/company/

Products affected by CVE-2021-39271

Bscw » Bscw Classic » Version: N/A

cpe:2.3:a:bscw:bscw_classic:-
Bscw » Bscw Classic » Version: 5.1.0

cpe:2.3:a:bscw:bscw_classic:5.1.0
Bscw » Bscw Classic » Version: 5.2.0

cpe:2.3:a:bscw:bscw_classic:5.2.0
Bscw » Bscw Classic » Version: 7.3.0

cpe:2.3:a:bscw:bscw_classic:7.3.0
Bscw » Bscw Classic » Version: 7.4.0

cpe:2.3:a:bscw:bscw_classic:7.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-39271

Products

Pricing

Contact Us