8.8

CVE-2021-42950

EPSS 1.61%
Veröffentlicht 03.03.2022 03:15:07
Zuletzt bearbeitet 21.11.2024 06:28:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zepl ≫ Zepl Version < 2021-10-25

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.61%	0.728

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://zepl.com

Vendor Advisory

https://seclists.org/fulldisclosure/2022/Feb/31

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2021-42950

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-42950

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-42950

EUVD