A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks".
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: siemens
Published: 2021-09-14T10:47:58
Updated: 2021-09-14T10:47:58
Reserved: 2021-09-01T00:00:00
Link: CVE-2021-40354
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-14T11:15:26.667
Modified: 2022-08-12T17:49:31.817
Link: CVE-2021-40354
JSON object: View
Redhat Information
No data.