Skip to main content

Bscw Classic

2 CVEs product

Monthly

CVE-2021-39271 HIGH POC This Week

OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Bscw Classic
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-36359 HIGH POC This Week

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Bscw Classic
NVD
CVSS 3.1
8.8
EPSS
4.0%
EPSS 4% CVSS 8.8
HIGH POC This Week

OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Bscw Classic
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Bscw Classic
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy