CVE-2021-40356
published 2021-09-14CVE-2021-40356: A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | teamcenter_v12.4 | — | — |
| siemens | teamcenter_v13.0 | — | — |
| siemens | teamcenter_v13.1 | — | — |
| siemens | teamcenter_v13.2 | — | — |
| siemens | teamcenter_visualization | >= 12.4.0 < 12.4.0.8 | 12.4.0.8 |
| siemens | teamcenter_visualization | >= 13.0.0 < 13.0.0.7 | 13.0.0.7 |
| siemens | teamcenter_visualization | >= 13.1.0 < 13.1.0.5 | 13.1.0.5 |
| siemens | teamcenter_visualization | >= 13.2.0 < 13.2.0.2 | 13.2.0.2 |