CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-34661
https://notcve.org/view.php?id=CVE-2022-34661
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition. Se ha identificado una vulnerabilidad en Teamcenter V12.4 (Todas las versiones anteriores a V12.4.0.15), Teamcenter V13.0 (Todas las versiones anteriores a V13.0.0.10), Teamcenter V13.1 (Todas las versiones anteriores a V13.1.0.10), Teamcenter V13.2 (Todas las versiones anteriores a V13.2.0.9), Teamcenter V13.3 (Todas las versiones anteriores a V13.3.0.5), Teamcenter V14.0 (Todas las versiones anteriores a V14.0.0.2). El servicio de caché del servidor de archivos en Teamcenter es vulnerable a una denegación de servicio al entrar en bucles infinitos y consumir ciclos de CPU. • https://cert-portal.siemens.com/productcert/pdf/ssa-759952.pdf • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-34660
https://notcve.org/view.php?id=CVE-2022-34660
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution. Se ha identificado una vulnerabilidad en Teamcenter V12.4 (Todas las versiones anteriores a V12.4.0.15), Teamcenter V13.0 (Todas las versiones anteriores a V13.0.0.10), Teamcenter V13.1 (Todas las versiones anteriores a V13.1.0.10), Teamcenter V13.2 (Todas las versiones anteriores a V13.2.0.9), Teamcenter V13.3 (Todas las versiones anteriores a V13.3.0.5), Teamcenter V14.0 (Todas las versiones anteriores a V14.0.0.2). El servicio File Server Cache en Teamcenter consiste en una funcionalidad que es vulnerable a una inyección de comandos. • https://cert-portal.siemens.com/productcert/pdf/ssa-759952.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32145
https://notcve.org/view.php?id=CVE-2022-32145
A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link. Se ha identificado una vulnerabilidad en Teamcenter Active Workspace versiones V5.2 (Todas las versiones anteriores a V5.2.9), Teamcenter Active Workspace versiones V6.0 (Todas las versiones anteriores a V6.0.3). se presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en la interfaz web de la aplicación afectada que podría permitir a un atacante ejecutar código malicioso engañando a los usuarios para que accedan a un enlace malicioso • https://cert-portal.siemens.com/productcert/pdf/ssa-401167.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31619
https://notcve.org/view.php?id=CVE-2022-31619
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. Se ha identificado una vulnerabilidad en Teamcenter V12.4 (Todas las versiones anteriores a V12.4.0.13), Teamcenter V13.0 (Todas las versiones anteriores a V13.0.0.9), Teamcenter V13.1 (Todas las versiones anteriores a V13.1.0.9), Teamcenter V13.2 (Todas las versiones anteriores a V13.2.0.9), Teamcenter V13.3 (Todas las versiones anteriores a V13.3.0.3), Teamcenter V14.0 (Todas las versiones anteriores a V14.0.0.2). El adaptador HTML de Java EE Server Manager en Teamcenter consta de credenciales predeterminadas codificadas. • https://cert-portal.siemens.com/productcert/pdf/ssa-220589.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29801
https://notcve.org/view.php?id=CVE-2022-29801
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. Se ha identificado una vulnerabilidad en Teamcenter V12.4 (Todas las versiones anteriores a V12.4.0.13), Teamcenter V13.0 (Todas las versiones anteriores a V13.0.0.9). La aplicación contiene una vulnerabilidad de inyección de entidades externas XML (XXE). • https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf • CWE-611: Improper Restriction of XML External Entity Reference •