Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Linux Distros Unpatched Vulnerability : CVE-2021-32811

🗓️ 10 Sep 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 3 Views

Zope before 4.6.3 or 5.3 with Python 3 and Products.PythonScripts are vulnerable to remote code execution; patch unavailable.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2021-32811
3 Aug 202102:27
circl
CNNVD		Zope 安全漏洞
2 Aug 202100:00
cnnvd
CVE		CVE-2021-32811
2 Aug 202121:55
cve
Cvelist		CVE-2021-32811 Remote Code Execution via Script (Python) objects under Python 3
2 Aug 202121:55
cvelist
EUVD		EUVD-2021-0001
7 Oct 202500:30
euvd
Github Security Blog		Remote Code Execution via Script (Python) objects under Python 3
5 Aug 202117:00
github
GitLab Advisory Database		Improperly Controlled Modification of Dynamically-Determined Object Attributes
2 Aug 202100:00
gitlab
NVD		CVE-2021-32811
2 Aug 202122:15
nvd
OpenVAS		Zope RCE Vulnerability (GHSA-g4gq-j4p2-j8fr)
4 Aug 202100:00
openvas
OSV		CVE-2021-32807
30 Jul 202122:15
osv
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(262800);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/10");

  script_cve_id("CVE-2021-32811");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2021-32811");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote
    code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment,
    run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Products.PythonScripts`
    add-on package installed. By default, one must have the admin-level Zope Manager role to add or edit
    Script (Python) objects through the web. Only sites that allow untrusted users to add/edit these scripts
    through the web are at risk. Zope releases 4.6.3 and 5.3 are not vulnerable. As a workaround, a site
    administrator can restrict adding/editing Script (Python) objects through the web using the standard Zope
    user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and
    adding/editing these scripts through the web should be restricted to trusted users only. This is the
    default configuration in Zope. (CVE-2021-32811)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2021-32811");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-32811");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zope2.13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "zope2.13"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "zope2.13"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Sep 2025 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 26.5
CVSS 3.17.2 - 7.5
EPSS0.03934
Zope vulnerabilityremote code executionPython 3Products.PythonScriptsno vendor patch
3