PT-2021-22499 · Orbiteam · Bscw Classic

Armin Stock · Published 2021-08-30 · Updated 2021-09-06 · CVE-2021-39271

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OrbiTeam BSCW Classic versions prior to 5.0.12
OrbiTeam BSCW Classic versions prior to 5.1.10
OrbiTeam BSCW Classic versions prior to 5.2.4
OrbiTeam BSCW Classic versions prior to 7.3.3
OrbiTeam BSCW Classic versions prior to 7.4.3

Description

The issue allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file.

Recommendations

For versions prior to 5.0.12, update to version 5.0.12 or later.
For versions prior to 5.1.10, update to version 5.1.10 or later.
For versions prior to 5.2.4, update to version 5.2.4 or later.
For versions prior to 7.3.3, update to version 7.3.3 or later.
For versions prior to 7.4.3, update to version 7.4.3 or later.


Related Identifiers

CVE-2021-39271

Affected Products

Bscw Classic