Security vulnerabilities

Multiple vulnerabilities

reported date: September 11th, 2021
reported by: BSCW thanks Armin Stock (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab
(https://sec-consult.com/vulnerability-lab/) for responsibly. (armin.stock@atos.net)
issue: Multiple vulnerabilities in BSCW Server. Affected distributions are BSCW 5.0, 5.1, 5.2, 7.3 and 7.4.
solution: Has been fixed in 7.4.4 and 5.2.5 distributions
fixed in: BSCW 7.4.4-e053d93, BSCW 5.2.5-60ee02e
reference: https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-bscw-server/
 
 

CVE-2021-39271 – Possible exploit

reported date: July 31th, 2021
reported by: BSCW thanks Armin Stock (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab
(https://sec-consult.com/vulnerability-lab/) for responsibly. (armin.stock@atos.net)
issue: Possible exploit of a security vulnerability in the external reportlab library. Affected distributions are BSCW 5.0, 5.1, 5.2, 7.3 and 7.4.
solution: Has been fixed in 7.4.3 and 5.2.4 distributions, other versions on request
fixed in: BSCW 7.4.3-7a2fc9b, 5.2.4-5d4d91b
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-39271, https://sec-consult.com/vulnerability-lab/advisory/authenticated-rce-in-bscw-server/
 
 

CVE-2021-36359 – Remote code execution

reported date: July 3rd, 2021
reported by: BSCW thanks Armin Stock (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab
(https://sec-consult.com/vulnerability-lab/) for responsibly. (armin.stock@atos.net)
issue: A critical vulnerability has been discovered allowing remote code execution by authenticated users.
Affected distributions are BSCW 5.0, 5.1, 5.2, 7.3 and 7.4.
solution: Has been fixed in 7.4.3 and 5.2.4 distributions, other versions on request
fixed in: BSCW 7.4.3-7a2fc9b, 5.2.4-5d4d91b
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-36359, https://sec-consult.com/vulnerability-lab/advisory/xml-tag-injection-in-bscw-server/
 
 

CVE-2014-2301 – Metadata disclosure

reported date: January 23, 2014
reported by: RedTeam Pentesting
issue: metadata information disclosure
solution: a patch for BSCW version 5.0.7 has been developed (and the issue was fixed in the 5.0.8 distribution)
fixed in: BSCW 5.0.8-31837
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2301
 
 

CAN-2002-0095

reported date: January 2nd, 2002
reported by:  BugTraq Mailing List, Wed Jan 02 2002 – 17:13:32 CST: BSCW: Vulnerabilities and Problems.
issue: The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.
fixed in: BSCW 4.1.0  (September 2002)
solution: the default configuration was changed to not allow self-registration after installation
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0095
 
 

CAN-2002-0094

reported date: January 3rd, 2002
reported by:  Thomas Seliger <tom@wiretap.de>
issue: config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.
solution: a bugfix was developed to properly quote shell characters
fixed in: BSCW 4.1.0  (September 2002)
reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0094