CVE-2021-41547

December 16, 2021

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow and attacker to execute a remote shell with admin rights.

Summary:

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow and attacker to execute a remote shell with admin rights.

Reference Links(if available):

  • https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdf

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    CISA Logo

    US-CERT Vulnerability Summary for the Week of October 28, 2024

    November 4, 2024
    hackerone

    HackerOne Bug Bounty Disclosure: stored-xss-on-trix-editor-version-thwin-htet

    November 4, 2024
    image

    [RANSOMHUB] – Ransomware Victim: www[.]mssupply[.]com

    November 4, 2024
    image

    [RANSOMHUB] – Ransomware Victim: www[.]drbutlerandassociates[.]com

    November 4, 2024
    image

    [RANSOMHUB] – Ransomware Victim: www[.]schweiker[.]de

    November 4, 2024