CVE-2021-40355

2021-09-1410:47:59

CWE-639

siemens

www.cve.org

cve-2021-40355

teamcenter

insecure direct object reference

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly.

CNA Affected

[
  {
    "product": "Teamcenter V12.4",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V12.4.0.8"
      }
    ]
  },
  {
    "product": "Teamcenter V13.0",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.0.0.7"
      }
    ]
  },
  {
    "product": "Teamcenter V13.1",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V13.1.0.5"
      }
    ]
  },
  {
    "product": "Teamcenter V13.2",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < 13.2.0.2"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf