admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-29 05:56:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-392xx/CVE-2021-39271.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

151 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-39271",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-08-30T05:15:07.307",
"lastModified": "2021-09-02T02:37:26.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3."
},
{
"lang": "es",
"value": "OrbiTeam BSCW Classic versiones anteriores a 7.4.3, permite una ejecuci\u00f3n de c\u00f3digo remota (RCE) autenticado durante la extracci\u00f3n de archivos por medio de c\u00f3digo Python suministrado por un atacante en el atributo class de un archivo .bscw. Esto es corregido en las versiones 5.0.12, 5.1.10, 5.2.4, 7.3.3 y 7.4.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.12",
"matchCriteriaId": "8BFB2BFC-0110-478C-B55D-54A39FCDA3AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.0",
"versionEndExcluding": "5.1.10",
"matchCriteriaId": "DA00DEF6-7CC9-4696-973F-BCCE9FF47663"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.0",
"versionEndExcluding": "5.2.4",
"matchCriteriaId": "DE56EADE-6552-433E-A4C5-408D611FE024"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0",
"versionEndExcluding": "7.3.3",
"matchCriteriaId": "91A6B0CF-DBD9-46F4-B3C2-5ADAA3BF9084"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndExcluding": "7.4.3",
"matchCriteriaId": "355519B0-8A2B-4DAD-AB2A-858CF2715610"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/fulldisclosure/2021/Aug/24",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.bscw.de/en/company/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink