CVE-2021-33710

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Teamcenter Active Workspace V4; Teamcenter Active Workspace V5.0; Teamcenter Active Workspace V5.1
Vendor: CVE Published:; 13 July 2021

Summary

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected devices that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link.

Affected Version(s)

Teamcenter Active Workspace V4 All versions < V4.3.9

Teamcenter Active Workspace V5.0 All versions < V5.0.7

Teamcenter Active Workspace V5.1 All versions < V5.1.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-62253...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
May 28, 2021