Permissions, Privileges, and Access Controls in Teamcenter - CVE-2021-40354
Published: September 17, 2021
Vulnerability identifier: #VU56675
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-40354
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Teamcenter
Teamcenter
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote authenticated attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the "surrogate" functionality, which leads to security restrictions bypass and privilege escalation.
Remediation
Install updates from vendor's website.