CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41547
https://notcve.org/view.php?id=CVE-2021-41547
A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow and attacker to execute a remote shell with admin rights. Se ha identificado una vulnerabilidad en Teamcenter Active Workspace versiones V4.3 (Todas las versiones anteriores a V4.3.11), Teamcenter Active Workspace versiones V5.0 (Todas las versiones anteriores a V5.0.10), Teamcenter Active Workspace versiones V5.1 (Todas las versiones anteriores a V5.1.6), Teamcenter Active Workspace versiones V5.2 (Todas las versiones anteriores a V5.2.3). La aplicación contiene un patrón de descompresión no seguro que podría conllevar a un ataque de salto de ruta de zip. • https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-40357
https://notcve.org/view.php?id=CVE-2021-40357
A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host. Se ha identificado una vulnerabilidad en Teamcenter Active Workspace versión V4.3 (Todas las versiones anteriores a V4.3.10), Teamcenter Active Workspace versión V5.0 (Todas las versiones anteriores a V5.0.8), Teamcenter Active Workspace versión V5.1 (Todas las versiones anteriores a V5.1.5), Teamcenter Active Workspace versión V5.2 (Todas las versiones anteriores a V5.2.1). Una vulnerabilidad de salto de ruta en la aplicación podría permitir a un atacante omitir ciertas restricciones como el acceso directo a otros servicios dentro del host • https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33711
https://notcve.org/view.php?id=CVE-2021-33711
A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). The affected application allows verbose error messages which allow leaking of sensitive information, such as full paths. Se ha identificado una vulnerabilidad en Teamcenter Active Workspace versiones V4 (Todas las versiones anteriores a V4.3.9), Teamcenter Active Workspace versiones V5.0 (Todas las versiones anteriores a V5.0.7), Teamcenter Active Workspace versiones V5.1 (Todas las versiones anteriores a V5.1.4). La aplicación afectada permite mensajes de error verboso que permiten el filtrado de información confidencial, tal y como rutas completas • https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33710
https://notcve.org/view.php?id=CVE-2021-33710
A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected devices that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link. Se ha identificado una vulnerabilidad en Teamcenter Active Workspace versiones V4 (Todas las versiones anteriores a V4.3.9), Teamcenter Active Workspace versiones V5.0 (Todas las versiones anteriores a V5.0.7), Teamcenter Active Workspace versiones V5.1 (Todas las versiones anteriores a V5.1.4). Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en la interfaz web de los dispositivos afectados que podría permitir a un atacante ejecutar código JavaScript malicioso engañando a usuarios para que accedan a un enlace malicioso • https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33709
https://notcve.org/view.php?id=CVE-2021-33709
A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). By sending malformed requests, a remote attacker could leak an application token due to an error not properly handled by the system. Se ha identificado una vulnerabilidad en Teamcenter Active Workspace versiones V4 (Todas las versiones anteriores a V4.3.9), Teamcenter Active Workspace versiones V5.0 (Todas las versiones anteriores a V5.0.7), Teamcenter Active Workspace versiones V5.1 (Todas las versiones anteriores a V5.1.4). Mediante el envío de peticiones malformadas, un atacante remoto podría filtrar un token de la aplicación debido a un error manejado inapropiadamente por el sistema • https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •