CVE-2020-26981

Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to 13.1.0 Teamcenter Visualization versions prior to 13.1.0

Description: A vulnerability has been identified that could allow remote attackers to disclose arbitrary files when opening a specially crafted xml file. This issue arises from the application passing specially crafted content to the underlying XML parser without proper restrictions, such as prohibiting an external DTD.

Recommendations: For JT2Go versions prior to 13.1.0, update to version 13.1.0 or later to resolve the issue. For Teamcenter Visualization versions prior to 13.1.0, update to version 13.1.0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of external XML entities in the XML parser to minimize the risk of exploitation.