CVE-2021-40354 Information

Description

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control, which could lead to an account takeover. Any profile on the application can perform this attack and access any other user's assigned tasks via the "inbox/surrogate tasks".

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

Base Score

7.1

Base Severity

HIGH
