Unrated severityNVD Advisory· Published Sep 14, 2021· Updated Aug 4, 2024

CVE-2021-40354

Description

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks".

Affected products

Siemens Foundation/Teamcentercpe-rescue4 versions
All versions < V12.4.0.8+ 3 more
- (no CPE)range: All versions < V12.4.0.8
- (no CPE)range: All versions < V13.0.0.7
- (no CPE)range: All versions < V13.1.0.5
- (no CPE)range: All versions < 13.2.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-987403.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000