Nicolo Vinci

Name of the Vulnerable Software and Affected Versions: Teamcenter versions prior to 14.3.0.0 Description: A vulnerability has been identified where the SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link. Recommendations: For versions prior to 14.3.0.0, update to version 14.3.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSO login service to minimize the risk of exploitation. Avoid using user-controlled input in the SSO login service until the issue is resolved.