Token Leak in Siemens Teamcenter Active Workspace Due to Malformed Requests
CVE-2021-33709

4.3MEDIUM

Key Information:

Vendor
Siemens
Status
Teamcenter Active Workspace V4
Teamcenter Active Workspace V5.0
Teamcenter Active Workspace V5.1
Vendor
CVE Published:
13 July 2021

Summary

A vulnerability exists in Siemens Teamcenter Active Workspace that allows remote attackers to exploit improperly handled inputs to leak application tokens. This occurs when malformed requests are sent to the affected versions of the software, potentially exposing sensitive information and compromising system security. Users are advised to apply the necessary updates and mitigate risks.

Affected Version(s)

Teamcenter Active Workspace V4 All versions < V4.3.9

Teamcenter Active Workspace V5.0 All versions < V5.0.7

Teamcenter Active Workspace V5.1 All versions < V5.1.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-62253...
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.