PT-2024-4792 · Siemens · Jt Open+3
Published: 2024-06-11 · Updated: 2024-10-13 · CVE-2024-37996
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions:
JT Open versions prior to V11.5
PLM XML SDK versions prior to V7.1.0.014
Teamcenter Visualization V14.2 versions prior to V14.2.0.13
Teamcenter Visualization V14.3 versions prior to V14.3.0.11
Teamcenter Visualization V2312 versions prior to V2312.0008
Teamcenter Visualization V2406 versions prior to V2406.0003
JT2Go versions prior to V2406.0003
Description:
The affected applications contain a null pointer dereference vulnerability that is triggered when they parse specially crafted XML files. An attacker can use such a file to crash the application, causing a denial of service condition.
Recommendations:
For JT Open versions prior to V11.5, update to version V11.5 or later.
For PLM XML SDK versions prior to V7.1.0.014, update to version V7.1.0.014 or later.
For Teamcenter Visualization V14.2 versions prior to V14.2.0.13, update to version V14.2.0.13 or later.
For Teamcenter Visualization V14.3 versions prior to V14.3.0.11, update to version V14.3.0.11 or later.
For Teamcenter Visualization V2312 versions prior to V2312.0008, update to version V2312.0008 or later.
For Teamcenter Visualization V2406 versions prior to V2406.0003, update to version V2406.0003 or later.
For JT2Go versions prior to V2406.0003, update to version V2406.0003 or later.
As a temporary workaround, consider restricting which XML files the affected applications are allowed to open, since exploitation requires a specially crafted XML file.
Fix
NULL Pointer Dereference
Affected Products
Jt Open
Jt2Go
Plm Xml Sdk
Teamcenter Visualization