CVE-2020-26981

{"id": "CVE-2020-26981", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-01-12T21:15:16.683", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en JT2Go (todas las versiones anteriores a V13.1.0), Teamcenter Visualization (todas las versiones anteriores a V13.1.0). Al abrir un archivo xml especialmente dise\u00f1ado, la aplicaci\u00f3n podr\u00eda revelar archivos arbitrarios a atacantes remotos. Esto es debido al paso de contenido especialmente dise\u00f1ado al analizador XML subyacente sin tomar las restricciones apropiadas, como prohibir un dtd externo. ZDI-CAN-11890)"}], "lastModified": "2021-02-23T13:50:30.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "307FDFE4-A801-4978-8903-BC38ED035927", "versionEndExcluding": "13.1.0"}, {"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30E90A52-9FD9-450A-8003-9F6C451E0823", "versionEndExcluding": "13.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}