![]() **Vulnerability Notice** Two vulnerabilities have been identified in Teamcenter, a product lifecycle management software. ![]() **Vulnerability 1: Infinite Loop (CVE-2022-34661)** The affected product is vulnerable to an infinite loop attack that can cause it to enter an infinite loop and utilize CPU cycles. This could lead to a denial-of-service condition. The CVSS v3 base score for this vulnerability is 7.6, with the following vector string: (AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H). **Vulnerability 2: Command Injection (CVE-2022-34660)** The affected product is also vulnerable to command injection attacks, which could allow an attacker to remotely execute arbitrary code. The CVSS v3 base score for this vulnerability is not specified. **Affected Products** The following versions of Teamcenter are affected: * Teamcenter v14.0: All versions prior to v14.0.0.2 * Teamcenter v13.3: All versions prior to v13.3.0.5 * Teamcenter v13.2: All versions prior to v13.2.0.9 * Teamcenter v13.1: All versions prior to v13.1.0.10 * Teamcenter v13.0: All versions prior to v13.0.0.10 * Teamcenter v12.4: All versions prior to v12.4.0.15 **Exploitation** Successful exploitation of these vulnerabilities could lead to command injection and denial-of-service conditions. ![]() **Vulnerability Details** The identified vulnerabilities are: * Command Injection (CWE-77) * Infinite Loop ('INFINITE LOOP') CWE-835 **Exploitation Notes** The vulnerabilities can be exploited remotely, with low attack complexity.
0 Comments
Leave a Reply. |