ID
VAR-201807-1339
CVE
CVE-2018-11450
TITLE
Siemens PLM Software TEAMCENTER Vulnerable to cross-site scripting
Trust: 0.8
DESCRIPTION
A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected. This product is mainly used to manage and share product designs, files, BOM And data etc. Attackers can use specially made URL Use this vulnerability to inject html or JavaScript Code, modify or rewrite the login page
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | siemens | model: | teamcenter product lifecycle management | scope: | lte | version: | 9.1.2.5 | Trust: 1.0 |
| vendor: | siemens | model: | teamcenter | scope: | eq | version: | 9.1.2.5 | Trust: 0.8 |
| vendor: | siemens | model: | teamcenter product lifecycle management | scope: | eq | version: | 9.1.2.5 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Teamcenter | url: | https://www.plm.automation.siemens.com/global/en/products/teamcenter/ | Trust: 0.8 |
| title: | Siemens PLM Software TEAMCENTER Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84004 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-11450 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2018-007765 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201807-465 | Trust: 0.7 |
| db: | VULHUB | id: | VH-CVE-2018-11450 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/lucvandonk/siemens-siemens-plm-software-teamcenter-reflected-cross-site-scripting-xss-vulnerability/wiki | Trust: 2.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11450 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-11450 | Trust: 0.8 |
SOURCES
| db: | VULHUB | id: | VH-CVE-2018-11450 |
| db: | JVNDB | id: | JVNDB-2018-007765 |
| db: | CNNVD | id: | CNNVD-201807-465 |
| db: | NVD | id: | CVE-2018-11450 |
LAST UPDATE DATE
2022-05-04T10:15:52.557000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VH-CVE-2018-11450 | date: | 2020-11-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-007765 | date: | 2018-09-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201807-465 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2018-11450 | date: | 2019-10-09T23:33:00 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VH-CVE-2018-11450 | date: | 2018-05-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-007765 | date: | 2018-09-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-201807-465 | date: | 2018-07-09T00:00:00 |
| db: | NVD | id: | CVE-2018-11450 | date: | 2018-07-09T20:29:00 |