Reflected Cross-Site Scripting in Teamcenter Active Workspace by Siemens
CVE-2021-33710

6.1MEDIUM

Key Information:

Vendor

Siemens
Status
Teamcenter Active Workspace V4
Teamcenter Active Workspace V5.0
Teamcenter Active Workspace V5.1
Vendor
CVE Published:
13 July 2021

What is CVE-2021-33710?

A reflected cross-site scripting (XSS) vulnerability has been detected in the web interface of Teamcenter Active Workspace. This flaw affects several versions of the product, allowing attackers to inject malicious JavaScript code via specially crafted links. Users tricked into clicking these links may inadvertently execute harmful scripts in their browsers, potentially leading to unauthorized actions and data exposure. It's essential for organizations using affected versions to apply security updates and implement safeguards to mitigate this risk.

Affected Version(s)

Teamcenter Active Workspace V4 All versions < V4.3.9

Teamcenter Active Workspace V5.0 All versions < V5.0.7

Teamcenter Active Workspace V5.1 All versions < V5.1.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-62253...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.