
CVE-2021-41547

Published: 14 Dec 2021
Source: nvd
CVSS3: 7.2
CVSS2: 6.5
EPSS: Low

Description

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow an attacker to execute a remote shell with admin rights.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:siemens:teamcenter_active_workspace:*:*:*:*:*:*:*:*
Version from 4.3 (inclusive) to 4.3.11 (exclusive)
cpe:2.3:a:siemens:teamcenter_active_workspace:*:*:*:*:*:*:*:*
Version from 5.0 (inclusive) to 5.0.10 (exclusive)
cpe:2.3:a:siemens:teamcenter_active_workspace:*:*:*:*:*:*:*:*
Version from 5.1 (inclusive) to 5.1.6 (exclusive)
cpe:2.3:a:siemens:teamcenter_active_workspace:*:*:*:*:*:*:*:*
Version from 5.2 (inclusive) to 5.2.3 (exclusive)

EPSS

Percentile: 74%
0.00822
Low

7.2 High

CVSS3

6.5 Medium

CVSS2

Weaknesses

CWE-22

Related vulnerabilities

github
about 4 years ago

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow an attacker to execute a remote shell with admin rights.
