Vulnerabilities > CVE-2021-39271 - Unspecified vulnerability in Bscw Classic

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

bscw

NVD

Published: 2021-08-30

Updated: 2021-09-02

Summary

OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.

Vulnerable Configurations

Part	Description	Count
Application	Bscw Bscw Bscw Classic 7.4.0 Bscw Bscw Classic 7.3.0 Bscw Bscw Classic 5.2.0 Bscw Bscw Classic 5.1.0 Bscw Bscw Classic -	5

References

https://seclists.org/fulldisclosure/2021/Aug/24
https://www.bscw.de/en/company/
http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html