CVE-2021-36359

{"id": "CVE-2021-36359", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-08-30T05:15:07.157", "references": [{"url": "http://packetstormsecurity.com/files/163988/BSCW-Server-XML-Injection.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2021/Aug/23", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.bscw.de/en/company/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/163988/BSCW-Server-XML-Injection.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2021/Aug/23", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.bscw.de/en/company/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-91"}]}], "descriptions": [{"lang": "en", "value": "OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\\platypus\\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3."}, {"lang": "es", "value": "OrbiTeam BSCW Classic versiones anteriores a 7.4.3, permite una ejecuci\u00f3n de c\u00f3digo remota (RCE) autenticado de exportpdf por medio de la inyecci\u00f3n de etiquetas XML porque el archivo reportlab\\platypus\\paraparser.py (al que se accede por medio de bscw.cgi op=_editfolder.EditFolder) llama a eval en el c\u00f3digo Python suministrado por el atacante. Esto es corregido en las versiones 5.0.12, 5.1.10, 5.2.4, 7.3.3 y 7.4.3."}], "lastModified": "2024-11-21T06:13:35.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BFB2BFC-0110-478C-B55D-54A39FCDA3AA", "versionEndExcluding": "5.0.12"}, {"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA00DEF6-7CC9-4696-973F-BCCE9FF47663", "versionEndExcluding": "5.1.10", "versionStartIncluding": "5.1.0"}, {"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE56EADE-6552-433E-A4C5-408D611FE024", "versionEndExcluding": "5.2.4", "versionStartIncluding": "5.2.0"}, {"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91A6B0CF-DBD9-46F4-B3C2-5ADAA3BF9084", "versionEndExcluding": "7.3.3", "versionStartIncluding": "7.3.0"}, {"criteria": "cpe:2.3:a:bscw:bscw_classic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "355519B0-8A2B-4DAD-AB2A-858CF2715610", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}