First published: Tue Jul 13 2021(Updated: )
A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected devices that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Teamcenter Active Workspace | >=4.0.0<4.3.9 | |
Siemens Teamcenter Active Workspace | >=5.0.0<5.0.7 | |
Siemens Teamcenter Active Workspace | >=5.1.0<5.1.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-33710 is a vulnerability in Siemens Teamcenter Active Workspace versions prior to V4.3.9, V5.0.7, and V5.1.4, which allows for reflected cross-site scripting (XSS) attacks.
CVE-2021-33710 has a severity rating of 6.1, which is classified as medium.
CVE-2021-33710 affects Siemens Teamcenter Active Workspace versions prior to V4.3.9, V5.0.7, and V5.1.4 by allowing an attacker to perform reflected cross-site scripting (XSS) attacks through the web interface.
CVE-2021-33710 is associated with CWE-79, which is the Cross-Site Scripting (XSS) vulnerability category.
To mitigate the CVE-2021-33710 vulnerability, it is recommended to update Siemens Teamcenter Active Workspace to versions V4.3.9, V5.0.7, or V5.1.4, which have addressed the reflected cross-site scripting (XSS) vulnerability.