CVE-2021-42950

EPSS 2.85%
Published 03.03.2022 03:15:07
Last modified 21.11.2024 06:28:19
Source cve@mitre.org
Teams watchlist Login
Open Login

Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution.

Affected products Warnungen 0 Metrics 3 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Zepl ≫ Zepl Version < 2021-10-25

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.85%	0.85

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://zepl.com

Vendor Advisory

https://seclists.org/fulldisclosure/2022/Feb/31

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2021-42950

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-42950

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-42950

EUVD