CVE-2021-40357

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host.

CVSS v3 4.9 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:teamcenter_active_workspace::::::::
	cpe:2.3:a:siemens:teamcenter_active_workspace::::::::
	cpe:2.3:a:siemens:teamcenter_active_workspace::::::::
	cpe:2.3:a:siemens:teamcenter_active_workspace::::::::

History

28 Sep 2021, 13:19

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.0 v3 : 4.9
References	~~(MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf -~~	(MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf - Patch, Vendor Advisory
CPE		cpe:2.3:a:siemens:teamcenter_active_workspace::::::::

14 Sep 2021, 11:42

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-09-14 11:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-40357

Mitre link : CVE-2021-40357

CVE.ORG link : CVE-2021-40357

JSON object : View

Products Affected

siemens

teamcenter_active_workspace

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2021-40357", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2021-09-14T11:15:26.903", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Teamcenter Active Workspace versi\u00f3n V4.3 (Todas las versiones anteriores a V4.3.10), Teamcenter Active Workspace versi\u00f3n V5.0 (Todas las versiones anteriores a V5.0.8), Teamcenter Active Workspace versi\u00f3n V5.1 (Todas las versiones anteriores a V5.1.5), Teamcenter Active Workspace versi\u00f3n V5.2 (Todas las versiones anteriores a V5.2.1). Una vulnerabilidad de salto de ruta en la aplicaci\u00f3n podr\u00eda permitir a un atacante omitir ciertas restricciones como el acceso directo a otros servicios dentro del host"}], "lastModified": "2021-09-28T13:19:05.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:teamcenter_active_workspace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06496979-50CD-4BA7-A80C-0626FD05147D", "versionEndExcluding": "4.3.10", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:siemens:teamcenter_active_workspace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5BB8C64-8E07-404B-979F-646001AD7039", "versionEndExcluding": "5.0.8", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:siemens:teamcenter_active_workspace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7AB2BDD-3285-4F33-8C58-91B83E3F7D16", "versionEndExcluding": "5.1.5", "versionStartIncluding": "5.1.0"}, {"criteria": "cpe:2.3:a:siemens:teamcenter_active_workspace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAF6FFF3-89F4-4355-B6C6-C5A4395E3E3F", "versionEndExcluding": "5.2.1", "versionStartIncluding": "5.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}