High severity8.8NVD Advisory· Published Aug 30, 2021· Updated Jun 17, 2026
CVE-2021-39271
CVE-2021-39271
Description
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OrbiTeam/BSCW Classicdescription
- Range: <7.4.3, 5.0.12, 5.1.10, 5.2.4, 7.3.3
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.htmlnvdExploitMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2021/Aug/24nvdExploitMailing ListThird Party Advisory
- www.bscw.de/en/company/nvdVendor Advisory
News mentions
0No linked articles in our index yet.