{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-31T17:06:26.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bscw.de/en/company/"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/fulldisclosure/2021/Aug/24"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-39271", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.bscw.de/en/company/", "refsource": "MISC", "url": "https://www.bscw.de/en/company/"}, {"name": "https://seclists.org/fulldisclosure/2021/Aug/24", "refsource": "MISC", "url": "https://seclists.org/fulldisclosure/2021/Aug/24"}, {"name": "http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:06:42.396Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.bscw.de/en/company/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/fulldisclosure/2021/Aug/24"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-39271", "datePublished": "2021-08-30T04:58:25.000Z", "dateReserved": "2021-08-18T00:00:00.000Z", "dateUpdated": "2024-08-04T02:06:42.396Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BFB2BFC-0110-478C-B55D-54A39FCDA3AA", "versionEndExcluding": "5.0.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA00DEF6-7CC9-4696-973F-BCCE9FF47663", "versionEndExcluding": "5.1.10", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE56EADE-6552-433E-A4C5-408D611FE024", "versionEndExcluding": "5.2.4", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*", "matchCriteriaId": "91A6B0CF-DBD9-46F4-B3C2-5ADAA3BF9084", "versionEndExcluding": "7.3.3", "versionStartIncluding": "7.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*", "matchCriteriaId": "355519B0-8A2B-4DAD-AB2A-858CF2715610", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3."}, {"lang": "es", "value": "OrbiTeam BSCW Classic versiones anteriores a 7.4.3, permite una ejecuci\u00f3n de c\u00f3digo remota (RCE) autenticado durante la extracci\u00f3n de archivos por medio de c\u00f3digo Python suministrado por un atacante en el atributo class de un archivo .bscw. Esto es corregido en las versiones 5.0.12, 5.1.10, 5.2.4, 7.3.3 y 7.4.3."}], "id": "CVE-2021-39271", "lastModified": "2024-11-21T06:19:05.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-30T05:15:07.307", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2021/Aug/24"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.bscw.de/en/company/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2021/Aug/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.bscw.de/en/company/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}