PT-2021-22872 · Siemens · Teamcenter
Published: 2021-09-14 · Updated: 2022-08-12 · CVE-2021-40354
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Teamcenter versions prior to V12.4.0.8
Teamcenter versions prior to V13.0.0.7
Teamcenter versions prior to V13.1.0.5
Teamcenter versions prior to V13.2.0.2
Description
A vulnerability has been identified that could lead to an account takeover due to insufficient access control in the surrogate functionality on user profiles. This issue allows any profile to access and perform tasks assigned to other users via the inbox/surrogate tasks.
Recommendations
For versions prior to V12.4.0.8, update to V12.4.0.8 or later.
For versions prior to V13.0.0.7, update to V13.0.0.7 or later.
For versions prior to V13.1.0.5, update to V13.1.0.5 or later.
For versions prior to V13.2.0.2, update to V13.2.0.2 or later.
Fix
Improper Privilege Management
Related Identifiers
Affected Products
Teamcenter