CVE-2023-4296: PTC Codebeamer Cross site scripting
First published: Tue Aug 29 2023(Updated: )
?If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.
Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intland codeBeamer | =21.09.0 | |
| Intland codeBeamer | =21.09.0-sp1 | |
| Intland codeBeamer | =21.09.0-sp10 | |
| Intland codeBeamer | =21.09.0-sp11 | |
| Intland codeBeamer | =21.09.0-sp12 | |
| Intland codeBeamer | =21.09.0-sp13 | |
| Intland codeBeamer | =21.09.0-sp2 | |
| Intland codeBeamer | =21.09.0-sp3 | |
| Intland codeBeamer | =21.09.0-sp4 | |
| Intland codeBeamer | =21.09.0-sp5 | |
| Intland codeBeamer | =21.09.0-sp6 | |
| Intland codeBeamer | =21.09.0-sp7 | |
| Intland codeBeamer | =21.09.0-sp8 | |
| Intland codeBeamer | =21.09.0-sp9 | |
| Intland codeBeamer | =22.04.0 | |
| Intland codeBeamer | =22.04.0-sp1 | |
| Intland codeBeamer | =22.04.0-sp2 | |
| Intland codeBeamer | =22.04.0-sp3 | |
| Intland codeBeamer | =22.04.0-sp4 | |
| Intland codeBeamer | =22.04.0-sp5 | |
| Intland codeBeamer | =22.10.0 | |
| Intland codeBeamer | =22.10.0-sp1 | |
| Intland codeBeamer | =22.10.0-sp2 | |
| Intland codeBeamer | =22.10.0-sp3 | |
| Intland codeBeamer | =22.10.0-sp4 | |
| Intland codeBeamer | =22.10.0-sp5 | |
| Intland codeBeamer | =22.10.0-sp6 | |
| Intland codeBeamer | =22.10.0-sp7 | |
| Intland codeBeamer | =22.10.0-sp8 | |
| PTC Codebeamer: v22.10-SP7 or lower | ||
| PTC Codebeamer: v22.04-SP5 or lower | ||
| PTC Codebeamer: v21.09-SP13 or lower |
Remedy
PTC recommends the following: * Version 22.10.X: upgrade to 22.10-SP8 https://intland.com/codebeamer-download/ or newer version * Version 22.04.X: upgrade to 22.04-SP6 https://intland.com/codebeamer-download/ or newer version * Version 21.09.X: upgrade to 21.09-SP14 https://intland.com/codebeamer-download/ or newer version Docker Image download: https://hub.docker.com/r/intland/codebeamer/tags https://hub.docker.com/r/intland/codebeamer/tags Codebeamer installers: https://intland.com/codebeamer-download/ https://intland.com/codebeamer-download/ Hosted customers may request an upgrade through the support channel https://codebeamer.com/cb/tracker/1910563 . Note that version 2.0 is not impacted by this vulnerability. For more information refer to PTC Security Advisory and Resolution https://codebeamer.com/cb/wiki/31346480 .
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/weakness
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/title
- agent/tags
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- vendor/intland
- canonical/intland codebeamer
- version/intland codebeamer/21.09.0
- version/intland codebeamer/21.09.0-sp1
- version/intland codebeamer/21.09.0-sp10
- version/intland codebeamer/21.09.0-sp11
- version/intland codebeamer/21.09.0-sp12
- version/intland codebeamer/21.09.0-sp13
- version/intland codebeamer/21.09.0-sp2
- version/intland codebeamer/21.09.0-sp3
- version/intland codebeamer/21.09.0-sp4
- version/intland codebeamer/21.09.0-sp5
- version/intland codebeamer/21.09.0-sp6
- version/intland codebeamer/21.09.0-sp7
- version/intland codebeamer/21.09.0-sp8
- version/intland codebeamer/21.09.0-sp9
- version/intland codebeamer/22.04.0
- version/intland codebeamer/22.04.0-sp1
- version/intland codebeamer/22.04.0-sp2
- version/intland codebeamer/22.04.0-sp3
- version/intland codebeamer/22.04.0-sp4
- version/intland codebeamer/22.04.0-sp5
- version/intland codebeamer/22.10.0
- version/intland codebeamer/22.10.0-sp1
- version/intland codebeamer/22.10.0-sp2
- version/intland codebeamer/22.10.0-sp3
- version/intland codebeamer/22.10.0-sp4
- version/intland codebeamer/22.10.0-sp5
- version/intland codebeamer/22.10.0-sp6
- version/intland codebeamer/22.10.0-sp7
- version/intland codebeamer/22.10.0-sp8
- vendor/ptc
- canonical/ptc codebeamer: v22.10-sp7 or lower
- canonical/ptc codebeamer: v22.04-sp5 or lower
- canonical/ptc codebeamer: v21.09-sp13 or lower