CVE-2021-40356

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
siemensCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
siemensteamcenter_visualization
12.4.0 ≤
𝑥
< 12.4.0.8
siemensteamcenter_visualization
13.0.0 ≤
𝑥
< 13.0.0.7
siemensteamcenter_visualization
13.1.0 ≤
𝑥
< 13.1.0.5
siemensteamcenter_visualization
13.2.0 ≤
𝑥
< 13.2.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf