{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4296", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-08-10T14:52:35.290Z", "datePublished": "2023-08-29T21:42:48.880Z", "dateUpdated": "2023-08-31T14:44:51.524Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Codebeamer", "vendor": "PTC", "versions": [{"lessThanOrEqual": "v22.10-SP7", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "v22.04-SP5", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "v21.09-SP13", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "2.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Niklas Schilling of SEC Consult Vulnerability Lab reported this vulnerability to CISA."}], "datePublic": "2023-08-29T21:38:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.</span>\n\n"}], "value": "\n\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-08-31T14:44:51.524Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01"}, {"url": "https://codebeamer.com/cb/wiki/31346480"}, {"url": "http://seclists.org/fulldisclosure/2023/Sep/10"}, {"url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>PTC recommends the following:</p><ul><li>\u200bVersion 22.10.X: <a target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\">upgrade to 22.10-SP8</a>&nbsp;or newer version</li><li>\u200bVersion 22.04.X: <a target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\">upgrade to 22.04-SP6</a>&nbsp;or newer version</li><li>\u200bVersion 21.09.X: <a target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\">upgrade to 21.09-SP14</a>&nbsp;or newer version</li></ul><p>\u200bDocker Image download: <a target=\"_blank\" rel=\"nofollow\" href=\"https://hub.docker.com/r/intland/codebeamer/tags\">https://hub.docker.com/r/intland/codebeamer/tags</a></p><p>\u200bCodebeamer installers: <a target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\">https://intland.com/codebeamer-download/</a></p><p>\u200bHosted customers may <a target=\"_blank\" rel=\"nofollow\" href=\"https://codebeamer.com/cb/tracker/1910563?showAll=false\">request an upgrade through the support channel</a>.</p><p>\u200bNote that version 2.0 is not impacted by this vulnerability.</p><p>\u200bFor more information refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://codebeamer.com/cb/wiki/31346480\">PTC Security Advisory and Resolution</a>.</p>\n\n<br>"}], "value": "\nPTC recommends the following:\n\n * \u200bVersion 22.10.X: upgrade to 22.10-SP8 https://intland.com/codebeamer-download/ \u00a0or newer version\n * \u200bVersion 22.04.X: upgrade to 22.04-SP6 https://intland.com/codebeamer-download/ \u00a0or newer version\n * \u200bVersion 21.09.X: upgrade to 21.09-SP14 https://intland.com/codebeamer-download/ \u00a0or newer version\n\n\n\u200bDocker Image download: https://hub.docker.com/r/intland/codebeamer/tags https://hub.docker.com/r/intland/codebeamer/tags \n\n\u200bCodebeamer installers: https://intland.com/codebeamer-download/ https://intland.com/codebeamer-download/ \n\n\u200bHosted customers may request an upgrade through the support channel https://codebeamer.com/cb/tracker/1910563 .\n\n\u200bNote that version 2.0 is not impacted by this vulnerability.\n\n\u200bFor more information refer to PTC Security Advisory and Resolution https://codebeamer.com/cb/wiki/31346480 .\n\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "PTC Codebeamer Cross site scripting", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:-:*:*:*:*:*:*", "matchCriteriaId": "D8842BD8-5ADE-4F4C-892B-C7FD0BD00549", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "4A96C543-780C-4FB8-9B66-E3A970284157", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp10:*:*:*:*:*:*", "matchCriteriaId": "869FDFD2-B254-46F1-977C-8C45FC53CF4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp11:*:*:*:*:*:*", "matchCriteriaId": "E162A5AA-DF07-4DB9-A0ED-15CD181B3E8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp12:*:*:*:*:*:*", "matchCriteriaId": "61E616EF-4DD8-4F24-8132-069D1839CC44", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp13:*:*:*:*:*:*", "matchCriteriaId": "4E1FFA2A-5A02-4D3E-AF1A-49F9CB751B29", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "8EC6A60D-1117-45A3-B64F-6A3C99CCCBF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "82586B4B-1876-4F6A-903A-B89A50CB13DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "EF54ED5C-B686-4036-8EC4-C2C65D4463FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "D8162D88-A7D0-4BC0-A2D9-D83EC620C009", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp6:*:*:*:*:*:*", "matchCriteriaId": "FE271018-6A6F-4CDD-97AA-12F8A9DE9640", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "21A2D6ED-17D8-4DAD-9775-02419D79DD3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp8:*:*:*:*:*:*", "matchCriteriaId": "A099E310-FBA2-4EB1-BD86-C52686E7FA89", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp9:*:*:*:*:*:*", "matchCriteriaId": "0291CE0C-97E3-4933-9B13-6DBB616DAA60", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:-:*:*:*:*:*:*", "matchCriteriaId": "334D6C73-8DED-4C77-9222-5534D1F3503D", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "7F517B94-96C4-4FD0-BB84-73CA2BA0F88B", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "65EA30F3-F924-42B3-BFCC-875411C0A7C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "42357940-98B9-4966-9B85-E5AB495560A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "EB8DB5F9-1972-4F06-9060-E95F8C462681", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "6AD9CDC5-D62C-4CC4-9328-2C0E41300CDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:-:*:*:*:*:*:*", "matchCriteriaId": "A54ADF57-985E-41AB-B1DF-77E9303531E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F94411ED-3CDA-4432-8487-2EE2DD072D6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "E4050B8C-FBA8-48CA-AF45-BC7C70235E37", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "19490284-BC6A-45A0-B68D-743E139EB067", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "D5CF8652-238F-4442-9AA2-B8A6FD9B681C", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "FC9DEE58-BD1A-47DB-918B-CE1A1D7A7866", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp6:*:*:*:*:*:*", "matchCriteriaId": "8948D8AB-8392-4CD8-8F8B-F59410A37BBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "A3E14B5E-A1CF-402C-B56A-C745DE28BF91", "vulnerable": true}, {"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp8:*:*:*:*:*:*", "matchCriteriaId": "0B1F1CCA-B937-4AFB-8363-554D74DE71BD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\n\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.\n\n"}, {"lang": "es", "value": "?Si un atacante enga\u00f1a a un usuario administrador de PTC Codebeamer para que haga clic en un v\u00ednculo malicioso, puede permitir que el atacante inyecte c\u00f3digo arbitrario para que se ejecute en el navegador del dispositivo de destino."}], "id": "CVE-2023-4296", "lastModified": "2023-11-07T04:22:26.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-08-29T22:15:09.297", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html"}, {"source": "ics-cert@hq.dhs.gov", "url": "http://seclists.org/fulldisclosure/2023/Sep/10"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://codebeamer.com/cb/wiki/31346480"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}