24 vulnerabilities found for codebeamer by intland
FKIE_CVE-2023-4296
Vulnerability from fkie_nvd - Published: 2023-08-29 22:15 - Updated: 2025-02-13 17:17
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 21.09.0 | |
| intland | codebeamer | 22.04.0 | |
| intland | codebeamer | 22.04.0 | |
| intland | codebeamer | 22.04.0 | |
| intland | codebeamer | 22.04.0 | |
| intland | codebeamer | 22.04.0 | |
| intland | codebeamer | 22.04.0 | |
| intland | codebeamer | 22.10.0 | |
| intland | codebeamer | 22.10.0 | |
| intland | codebeamer | 22.10.0 | |
| intland | codebeamer | 22.10.0 | |
| intland | codebeamer | 22.10.0 | |
| intland | codebeamer | 22.10.0 | |
| intland | codebeamer | 22.10.0 | |
| intland | codebeamer | 22.10.0 | |
| intland | codebeamer | 22.10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D8842BD8-5ADE-4F4C-892B-C7FD0BD00549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "4A96C543-780C-4FB8-9B66-E3A970284157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp10:*:*:*:*:*:*",
"matchCriteriaId": "869FDFD2-B254-46F1-977C-8C45FC53CF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp11:*:*:*:*:*:*",
"matchCriteriaId": "E162A5AA-DF07-4DB9-A0ED-15CD181B3E8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp12:*:*:*:*:*:*",
"matchCriteriaId": "61E616EF-4DD8-4F24-8132-069D1839CC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp13:*:*:*:*:*:*",
"matchCriteriaId": "4E1FFA2A-5A02-4D3E-AF1A-49F9CB751B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8EC6A60D-1117-45A3-B64F-6A3C99CCCBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "82586B4B-1876-4F6A-903A-B89A50CB13DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "EF54ED5C-B686-4036-8EC4-C2C65D4463FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "D8162D88-A7D0-4BC0-A2D9-D83EC620C009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "FE271018-6A6F-4CDD-97AA-12F8A9DE9640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "21A2D6ED-17D8-4DAD-9775-02419D79DD3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "A099E310-FBA2-4EB1-BD86-C52686E7FA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.09.0:sp9:*:*:*:*:*:*",
"matchCriteriaId": "0291CE0C-97E3-4933-9B13-6DBB616DAA60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:-:*:*:*:*:*:*",
"matchCriteriaId": "334D6C73-8DED-4C77-9222-5534D1F3503D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7F517B94-96C4-4FD0-BB84-73CA2BA0F88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "65EA30F3-F924-42B3-BFCC-875411C0A7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "42357940-98B9-4966-9B85-E5AB495560A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "EB8DB5F9-1972-4F06-9060-E95F8C462681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.04.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "6AD9CDC5-D62C-4CC4-9328-2C0E41300CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A54ADF57-985E-41AB-B1DF-77E9303531E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F94411ED-3CDA-4432-8487-2EE2DD072D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E4050B8C-FBA8-48CA-AF45-BC7C70235E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "19490284-BC6A-45A0-B68D-743E139EB067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "D5CF8652-238F-4442-9AA2-B8A6FD9B681C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "FC9DEE58-BD1A-47DB-918B-CE1A1D7A7866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "8948D8AB-8392-4CD8-8F8B-F59410A37BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "A3E14B5E-A1CF-402C-B56A-C745DE28BF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:22.10.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "0B1F1CCA-B937-4AFB-8363-554D74DE71BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device."
},
{
"lang": "es",
"value": "Si un atacante enga\u00f1a a un usuario administrador de PTC Codebeamer para que haga clic en un v\u00ednculo malicioso, puede permitir que el atacante inyecte c\u00f3digo arbitrario para que se ejecute en el navegador del dispositivo de destino."
}
],
"id": "CVE-2023-4296",
"lastModified": "2025-02-13T17:17:17.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-29T22:15:09.297",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://seclists.org/fulldisclosure/2023/Sep/10"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://codebeamer.com/cb/wiki/31346480"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2023/Sep/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://codebeamer.com/cb/wiki/31346480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-26516
Vulnerability from fkie_nvd - Published: 2021-06-08 13:15 - Updated: 2024-11-21 05:19
Severity ?
Summary
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and are therefore entirely predictable, allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intland | codebeamer | 10.0.0 | |
| intland | codebeamer | 10.0.0 | |
| intland | codebeamer | 10.0.0 | |
| intland | codebeamer | 10.0.0 | |
| intland | codebeamer | 10.0.0 | |
| intland | codebeamer | 10.0.1 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 21.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "EE5B0480-89AF-44AE-A9C1-0656627FA777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4:*:*:*:*:*:*",
"matchCriteriaId": "E3C0AE05-0E16-498D-B38D-4104C764CDAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83F33C62-2D1B-462D-B3D6-FA0BB3EF4BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F9DC14C6-92A8-4388-9D8F-AD2C3201AD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A1D61084-CBE7-464D-BA6A-485627BCB2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "568A8794-36C0-40BE-9867-7D29D77DBC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A0128D1A-DA5B-49EE-ABC2-DA75EF2B5594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "35461BDC-7A06-49AE-A528-DB6A986C9F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B32DF425-549F-4BEC-A7B6-F66CE063C878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8166F01E-B271-4491-B932-00BF843D2146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "504110BC-FC0C-4A3F-824C-5BF4C573A792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B7C6A7-5FA8-42B8-B83B-0BF908A72E44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim\u0027s browser to execute undesired actions in the web application through crafted requests."
},
{
"lang": "es",
"value": "Se ha detectado un problema de tipo CSRF en Intland codeBeamer ALM versiones 10.x hasta 10.1.SP4. Las peticiones enviadas al servidor que desencadenan acciones no contienen un token de tipo CSRF y, por lo tanto, pueden predecirse por completo, lo que permite a atacantes causar que el navegador de la v\u00edctima ejecute acciones no deseadas en la aplicaci\u00f3n web mediante peticiones manipuladas"
}
],
"id": "CVE-2020-26516",
"lastModified": "2024-11-21T05:19:58.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-08T13:15:07.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-26517
Vulnerability from fkie_nvd - Published: 2021-06-08 13:15 - Updated: 2024-11-21 05:19
Severity ?
Summary
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. XSS attacks are possible in three ways: by using the WebDAV functionality to upload files to a project (authenticated users), by using the users import functionality (Admin only), and by changing the login text in the application configuration (Admin only).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intland | codebeamer | 10.0.0 | |
| intland | codebeamer | 10.0.0 | |
| intland | codebeamer | 10.0.0 | |
| intland | codebeamer | 10.0.0 | |
| intland | codebeamer | 10.0.0 | |
| intland | codebeamer | 10.0.1 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 21.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "EE5B0480-89AF-44AE-A9C1-0656627FA777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4:*:*:*:*:*:*",
"matchCriteriaId": "E3C0AE05-0E16-498D-B38D-4104C764CDAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "83F33C62-2D1B-462D-B3D6-FA0BB3EF4BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F9DC14C6-92A8-4388-9D8F-AD2C3201AD5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A1D61084-CBE7-464D-BA6A-485627BCB2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.0.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "568A8794-36C0-40BE-9867-7D29D77DBC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A0128D1A-DA5B-49EE-ABC2-DA75EF2B5594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "35461BDC-7A06-49AE-A528-DB6A986C9F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B32DF425-549F-4BEC-A7B6-F66CE063C878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8166F01E-B271-4491-B932-00BF843D2146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "504110BC-FC0C-4A3F-824C-5BF4C573A792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:21.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B7C6A7-5FA8-42B8-B83B-0BF908A72E44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only)."
},
{
"lang": "es",
"value": "Se ha detectado un problema de tipo cross-site scripting (XSS) en Intland codeBeamer ALM versiones 10.x hasta 10.1.SP4. Es posible llevar a cabo ataques de tipo XSS mediante del uso de la funcionalidad WebDAV para subir archivos a un proyecto (usuarios de Authn), usando la funcionalidad users import (solo Admin), y cambiando el texto de inicio de sesi\u00f3n en la configuraci\u00f3n de la aplicaci\u00f3n (solo Admin)"
}
],
"id": "CVE-2020-26517",
"lastModified": "2024-11-21T05:19:58.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-08T13:15:07.527",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-26515
Vulnerability from fkie_nvd - Published: 2021-06-08 13:15 - Updated: 2024-11-21 05:19
Severity ?
Summary
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the user's encrypted credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key, so the encryption does not effectively protect them.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intland | codebeamer | * | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3BE8BD-0868-4A50-BF06-BAE474BF5328",
"versionEndExcluding": "10.1.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A0128D1A-DA5B-49EE-ABC2-DA75EF2B5594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "35461BDC-7A06-49AE-A528-DB6A986C9F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B32DF425-549F-4BEC-A7B6-F66CE063C878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8166F01E-B271-4491-B932-00BF843D2146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "504110BC-FC0C-4A3F-824C-5BF4C573A792",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user\u0027s credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key."
},
{
"lang": "es",
"value": "Se ha detectado un problema de credenciales insuficientemente protegidas en Intland codeBeamer ALM versiones 10.x hasta 10.1.SP4. La cookie remember-me (CB_LOGIN) emitida por la aplicaci\u00f3n contiene las credenciales del usuario cifradas. Sin embargo, debido a un bug en el c\u00f3digo de la aplicaci\u00f3n, esas credenciales se cifran usando una clave de cifrado NULL"
}
],
"id": "CVE-2020-26515",
"lastModified": "2024-11-21T05:19:58.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-08T13:15:07.457",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-26513
Vulnerability from fkie_nvd - Published: 2020-12-07 16:15 - Updated: 2024-11-21 05:19
Severity ?
Summary
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity (XXE) attacks.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt | Exploit, Third Party Advisory | |
| cve@mitre.org | https://intland.com/codebeamer/application-lifecycle-management/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://intland.com/codebeamer/application-lifecycle-management/ | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intland | codebeamer | * | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 | |
| intland | codebeamer | 10.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3BE8BD-0868-4A50-BF06-BAE474BF5328",
"versionEndExcluding": "10.1.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A0128D1A-DA5B-49EE-ABC2-DA75EF2B5594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "35461BDC-7A06-49AE-A528-DB6A986C9F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "B32DF425-549F-4BEC-A7B6-F66CE063C878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8166F01E-B271-4491-B932-00BF843D2146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "504110BC-FC0C-4A3F-824C-5BF4C573A792",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Intland codeBeamer ALM versiones 10.x a 10.1.SP4. Los datos XML de ReqIF, usados por la aplicaci\u00f3n codebeamer ALM para importar proyectos, son analizados por componentes de software configurados de manera no segura, que pueden ser objeto de abuso para Ataques de tipo XML External Entity"
}
],
"id": "CVE-2020-26513",
"lastModified": "2024-11-21T05:19:56.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-07T16:15:12.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-20635
Vulnerability from fkie_nvd - Published: 2020-04-02 16:15 - Updated: 2024-11-21 04:38
Severity ?
Summary
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://codebeamer.com/cb/wiki/7372223 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://codebeamer.com/cb/wiki/7372223 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intland | codebeamer | * | |
| intland | codebeamer | 9.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "177F035D-B940-4BFC-89B1-3C9AA6FF40B3",
"versionEndIncluding": "9.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intland:codebeamer:9.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C4A3D0B2-7D3E-4199-B60A-6C8514080419",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields."
},
{
"lang": "es",
"value": "codeBeamer versiones anteriores a 9.5.0-RC3, no restringe apropiadamente la capacidad de ejecutar c\u00f3digo Java personalizado y acceder al cargador de clases Java por medio de campos calculados."
}
],
"id": "CVE-2019-20635",
"lastModified": "2024-11-21T04:38:55.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-02T16:15:14.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://codebeamer.com/cb/wiki/7372223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://codebeamer.com/cb/wiki/7372223"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-470"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-19912
Vulnerability from fkie_nvd - Published: 2020-03-30 22:15 - Updated: 2024-11-21 04:35
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intland | codebeamer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF349D26-233D-41A4-880C-9956F96735E0",
"versionEndIncluding": "9.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file."
},
{
"lang": "es",
"value": "En Intland codeBeamer ALM versiones 9.5 y anteriores, una vulnerabilidad de tipo cross-site scripting (XSS) en la funcionalidad Upload Flash File permite a atacantes remotos autenticados inyectar scripts arbitrarios por medio de un script activo insertado en un archivo SWF."
}
],
"id": "CVE-2019-19912",
"lastModified": "2024-11-21T04:35:38.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-30T22:15:13.853",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-19913
Vulnerability from fkie_nvd - Published: 2020-03-30 22:15 - Updated: 2024-11-21 04:35
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2020/Apr/9 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Apr/9 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intland | codebeamer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF349D26-233D-41A4-880C-9956F96735E0",
"versionEndIncluding": "9.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter."
},
{
"lang": "es",
"value": "En Intland codeBeamer ALM versiones 9.5 y anteriores, presenta una vulnerabilidad de tipo XSS almacenado por medio del par\u00e1metro Trackers Title."
}
],
"id": "CVE-2019-19913",
"lastModified": "2024-11-21T04:35:39.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-30T22:15:13.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2020/Apr/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2020/Apr/9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-4296 (GCVE-0-2023-4296)
Vulnerability from cvelistv5 – Published: 2023-08-29 21:42 – Updated: 2025-02-13 17:13
Title
PTC Codebeamer Cross site scripting
Summary
If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (CNA-assigned, icscert)
CWE
- CWE-79 - Cross-site Scripting
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| PTC | Codebeamer | Affected: 0 , ≤ v22.10-SP7 (custom); Affected: 0 , ≤ v22.04-SP5 (custom); Affected: 0 , ≤ v21.09-SP13 (custom); Unaffected: 2.0 |
Credits
Niklas Schilling of SEC Consult Vulnerability Lab reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://codebeamer.com/cb/wiki/31346480"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Sep/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:33.944438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:30:47.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Codebeamer",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v22.10-SP7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v22.04-SP5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v21.09-SP13",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Niklas Schilling of SEC Consult Vulnerability Lab reported this vulnerability to CISA."
}
],
"datePublic": "2023-08-29T21:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.\u003c/span\u003e"
}
],
"value": "\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-18T12:06:22.546Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01"
},
{
"url": "https://codebeamer.com/cb/wiki/31346480"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/10"
},
{
"url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePTC recommends the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u200bVersion 22.10.X: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003eupgrade to 22.10-SP8\u003c/a\u003e\u0026nbsp;or newer version\u003c/li\u003e\u003cli\u003e\u200bVersion 22.04.X: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003eupgrade to 22.04-SP6\u003c/a\u003e\u0026nbsp;or newer version\u003c/li\u003e\u003cli\u003e\u200bVersion 21.09.X: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003eupgrade to 21.09-SP14\u003c/a\u003e\u0026nbsp;or newer version\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u200bDocker Image download: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hub.docker.com/r/intland/codebeamer/tags\"\u003ehttps://hub.docker.com/r/intland/codebeamer/tags\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u200bCodebeamer installers: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003ehttps://intland.com/codebeamer-download/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u200bHosted customers may \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://codebeamer.com/cb/tracker/1910563?showAll=false\"\u003erequest an upgrade through the support channel\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u200bNote that version 2.0 is not impacted by this vulnerability.\u003c/p\u003e\u003cp\u003e\u200bFor more information refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://codebeamer.com/cb/wiki/31346480\"\u003ePTC Security Advisory and Resolution\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "PTC recommends the following:\n\n * \u200bVersion 22.10.X: upgrade to 22.10-SP8 https://intland.com/codebeamer-download/ \u00a0or newer version\n * \u200bVersion 22.04.X: upgrade to 22.04-SP6 https://intland.com/codebeamer-download/ \u00a0or newer version\n * \u200bVersion 21.09.X: upgrade to 21.09-SP14 https://intland.com/codebeamer-download/ \u00a0or newer version\n\n\n\u200bDocker Image download: https://hub.docker.com/r/intland/codebeamer/tags https://hub.docker.com/r/intland/codebeamer/tags \n\n\u200bCodebeamer installers: https://intland.com/codebeamer-download/ https://intland.com/codebeamer-download/ \n\n\u200bHosted customers may request an upgrade through the support channel https://codebeamer.com/cb/tracker/1910563 .\n\n\u200bNote that version 2.0 is not impacted by this vulnerability.\n\n\u200bFor more information refer to PTC Security Advisory and Resolution https://codebeamer.com/cb/wiki/31346480 ."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PTC Codebeamer Cross site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-4296",
"datePublished": "2023-08-29T21:42:48.880Z",
"dateReserved": "2023-08-10T14:52:35.290Z",
"dateUpdated": "2025-02-13T17:13:13.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26515 (GCVE-0-2020-26515)
Vulnerability from cvelistv5 – Published: 2021-06-08 12:47 – Updated: 2024-08-04 15:56
Summary
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
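| URL | Tags |
|---|---|
| https://intland.com/codebeamer/application-lifecycle-management/ | x_refsource_MISC |
| https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt | x_refsource_MISC |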
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user\u0027s credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T12:47:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user\u0027s credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://intland.com/codebeamer/application-lifecycle-management/",
"refsource": "MISC",
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"name": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt",
"refsource": "MISC",
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26515",
"datePublished": "2021-06-08T12:47:42",
"dateReserved": "2020-10-02T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26517 (GCVE-0-2020-26517)
Vulnerability from cvelistv5 – Published: 2021-06-08 12:42 – Updated: 2024-08-04 15:56
Summary
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
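| URL | Tags |
|---|---|
| https://intland.com/codebeamer/application-lifecycle-management/ | x_refsource_MISC |
| https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt | x_refsource_MISC |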
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T12:42:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://intland.com/codebeamer/application-lifecycle-management/",
"refsource": "MISC",
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"name": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt",
"refsource": "MISC",
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26517",
"datePublished": "2021-06-08T12:42:17",
"dateReserved": "2020-10-02T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26516 (GCVE-0-2020-26516)
Vulnerability from cvelistv5 – Published: 2021-06-08 12:28 – Updated: 2024-08-04 15:56
Summary
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
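| URL | Tags |
|---|---|
| https://intland.com/codebeamer/application-lifecycle-management/ | x_refsource_MISC |
| https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt | x_refsource_MISC |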
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim\u0027s browser to execute undesired actions in the web application through crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T12:28:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim\u0027s browser to execute undesired actions in the web application through crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://intland.com/codebeamer/application-lifecycle-management/",
"refsource": "MISC",
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"name": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt",
"refsource": "MISC",
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26516",
"datePublished": "2021-06-08T12:28:19",
"dateReserved": "2020-10-02T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26513 (GCVE-0-2020-26513)
Vulnerability from cvelistv5 – Published: 2020-12-07 15:26 – Updated: 2024-08-04 15:56
Summary
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
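| URL | Tags |
|---|---|
| https://intland.com/codebeamer/application-lifecycle-management/ | x_refsource_MISC |
| https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt | x_refsource_MISC |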
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-07T15:26:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://intland.com/codebeamer/application-lifecycle-management/",
"refsource": "MISC",
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"name": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt",
"refsource": "MISC",
"url": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26513",
"datePublished": "2020-12-07T15:26:25",
"dateReserved": "2020-10-02T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20635 (GCVE-0-2019-20635)
Vulnerability from cvelistv5 – Published: 2020-04-02 15:04 – Updated: 2024-08-05 02:46
Summary
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://codebeamer.com/cb/wiki/7372223 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:46:10.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codebeamer.com/cb/wiki/7372223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T15:04:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codebeamer.com/cb/wiki/7372223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codebeamer.com/cb/wiki/7372223",
"refsource": "MISC",
"url": "https://codebeamer.com/cb/wiki/7372223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20635",
"datePublished": "2020-04-02T15:04:48",
"dateReserved": "2020-04-02T00:00:00",
"dateUpdated": "2024-08-05T02:46:10.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19912 (GCVE-0-2019-19912)
Vulnerability from cvelistv5 – Published: 2020-03-30 21:28 – Updated: 2024-08-05 02:32
VLAI?
Summary
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T21:28:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19912",
"datePublished": "2020-03-30T21:28:00",
"dateReserved": "2019-12-19T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19913 (GCVE-0-2019-19913)
Vulnerability from cvelistv5 – Published: 2020-03-30 21:26 – Updated: 2024-08-05 02:32
VLAI?
Summary
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:09.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
},
{
"name": "20200414 Matrix42 Workspace Management 9.1.2.2765 - Reflected Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T18:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
},
{
"name": "20200414 Matrix42 Workspace Management 9.1.2.2765 - Reflected Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
},
{
"name": "20200414 Matrix42 Workspace Management 9.1.2.2765 - Reflected Cross-Site Scripting",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Apr/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19913",
"datePublished": "2020-03-30T21:26:28",
"dateReserved": "2019-12-19T00:00:00",
"dateUpdated": "2024-08-05T02:32:09.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4296 (GCVE-0-2023-4296)
Vulnerability from nvd – Published: 2023-08-29 21:42 – Updated: 2025-02-13 17:13
VLAI?
Title
PTC Codebeamer Cross site scripting
Summary
If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.
Severity ?
8.8 (High)
CWE
- CWE-79 - Cross-site Scripting
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| PTC | Codebeamer | Affected: 0, ≤ v22.10-SP7 (custom); Affected: 0, ≤ v22.04-SP5 (custom); Affected: 0, ≤ v21.09-SP13 (custom); Unaffected: 2.0 |
Credits
Niklas Schilling of SEC Consult Vulnerability Lab reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://codebeamer.com/cb/wiki/31346480"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Sep/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:33.944438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:30:47.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Codebeamer",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "v22.10-SP7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v22.04-SP5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v21.09-SP13",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Niklas Schilling of SEC Consult Vulnerability Lab reported this vulnerability to CISA."
}
],
"datePublic": "2023-08-29T21:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.\u003c/span\u003e"
}
],
"value": "\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-18T12:06:22.546Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01"
},
{
"url": "https://codebeamer.com/cb/wiki/31346480"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/10"
},
{
"url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePTC recommends the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u200bVersion 22.10.X: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003eupgrade to 22.10-SP8\u003c/a\u003e\u0026nbsp;or newer version\u003c/li\u003e\u003cli\u003e\u200bVersion 22.04.X: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003eupgrade to 22.04-SP6\u003c/a\u003e\u0026nbsp;or newer version\u003c/li\u003e\u003cli\u003e\u200bVersion 21.09.X: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003eupgrade to 21.09-SP14\u003c/a\u003e\u0026nbsp;or newer version\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u200bDocker Image download: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hub.docker.com/r/intland/codebeamer/tags\"\u003ehttps://hub.docker.com/r/intland/codebeamer/tags\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u200bCodebeamer installers: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003ehttps://intland.com/codebeamer-download/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u200bHosted customers may \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://codebeamer.com/cb/tracker/1910563?showAll=false\"\u003erequest an upgrade through the support channel\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u200bNote that version 2.0 is not impacted by this vulnerability.\u003c/p\u003e\u003cp\u003e\u200bFor more information refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://codebeamer.com/cb/wiki/31346480\"\u003ePTC Security Advisory and Resolution\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "PTC recommends the following:\n\n * \u200bVersion 22.10.X: upgrade to 22.10-SP8 https://intland.com/codebeamer-download/ \u00a0or newer version\n * \u200bVersion 22.04.X: upgrade to 22.04-SP6 https://intland.com/codebeamer-download/ \u00a0or newer version\n * \u200bVersion 21.09.X: upgrade to 21.09-SP14 https://intland.com/codebeamer-download/ \u00a0or newer version\n\n\n\u200bDocker Image download: https://hub.docker.com/r/intland/codebeamer/tags https://hub.docker.com/r/intland/codebeamer/tags \n\n\u200bCodebeamer installers: https://intland.com/codebeamer-download/ https://intland.com/codebeamer-download/ \n\n\u200bHosted customers may request an upgrade through the support channel https://codebeamer.com/cb/tracker/1910563 .\n\n\u200bNote that version 2.0 is not impacted by this vulnerability.\n\n\u200bFor more information refer to PTC Security Advisory and Resolution https://codebeamer.com/cb/wiki/31346480 ."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PTC Codebeamer Cross site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-4296",
"datePublished": "2023-08-29T21:42:48.880Z",
"dateReserved": "2023-08-10T14:52:35.290Z",
"dateUpdated": "2025-02-13T17:13:13.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26515 (GCVE-0-2020-26515)
Vulnerability from nvd – Published: 2021-06-08 12:47 – Updated: 2024-08-04 15:56
VLAI?
Summary
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the user's encrypted credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user\u0027s credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T12:47:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user\u0027s credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://intland.com/codebeamer/application-lifecycle-management/",
"refsource": "MISC",
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"name": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt",
"refsource": "MISC",
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-09_CSNC-2020-010-codebeamer_ALM_Insecure-RememberMe.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26515",
"datePublished": "2021-06-08T12:47:42",
"dateReserved": "2020-10-02T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26517 (GCVE-0-2020-26517)
Vulnerability from nvd – Published: 2021-06-08 12:42 – Updated: 2024-08-04 15:56
VLAI?
Summary
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. XSS attacks are possible by using the WebDAV functionality to upload files to a project (authenticated users), by using the users import functionality (Admin only), and by changing the login text in the application configuration (Admin only).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T12:42:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://intland.com/codebeamer/application-lifecycle-management/",
"refsource": "MISC",
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"name": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt",
"refsource": "MISC",
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-10_CSNC-2020-012-codebeamer_ALM_XSS.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26517",
"datePublished": "2021-06-08T12:42:17",
"dateReserved": "2020-10-02T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26516 (GCVE-0-2020-26516)
Vulnerability from nvd – Published: 2021-06-08 12:28 – Updated: 2024-08-04 15:56
VLAI?
Summary
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted, allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim\u0027s browser to execute undesired actions in the web application through crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T12:28:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim\u0027s browser to execute undesired actions in the web application through crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://intland.com/codebeamer/application-lifecycle-management/",
"refsource": "MISC",
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"name": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt",
"refsource": "MISC",
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-08_CSNC-2020-009-codebeamer_ALM_Missing-CSRF.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26516",
"datePublished": "2021-06-08T12:28:19",
"dateReserved": "2020-10-02T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26513 (GCVE-0-2020-26513)
Vulnerability from nvd – Published: 2020-12-07 15:26 – Updated: 2024-08-04 15:56
VLAI?
Summary
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-07T15:26:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://intland.com/codebeamer/application-lifecycle-management/",
"refsource": "MISC",
"url": "https://intland.com/codebeamer/application-lifecycle-management/"
},
{
"name": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt",
"refsource": "MISC",
"url": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26513",
"datePublished": "2020-12-07T15:26:25",
"dateReserved": "2020-10-02T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20635 (GCVE-0-2019-20635)
Vulnerability from nvd – Published: 2020-04-02 15:04 – Updated: 2024-08-05 02:46
VLAI?
Summary
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:46:10.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codebeamer.com/cb/wiki/7372223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T15:04:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://codebeamer.com/cb/wiki/7372223"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codebeamer.com/cb/wiki/7372223",
"refsource": "MISC",
"url": "https://codebeamer.com/cb/wiki/7372223"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20635",
"datePublished": "2020-04-02T15:04:48",
"dateReserved": "2020-04-02T00:00:00",
"dateUpdated": "2024-08-05T02:46:10.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19912 (GCVE-0-2019-19912)
Vulnerability from nvd – Published: 2020-03-30 21:28 – Updated: 2024-08-05 02:32
Summary
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T21:28:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19912",
"datePublished": "2020-03-30T21:28:00",
"dateReserved": "2019-12-19T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19913 (GCVE-0-2019-19913)
Vulnerability from nvd – Published: 2020-03-30 21:26 – Updated: 2024-08-05 02:32
Summary
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
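| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2020/Apr/9 | mailing-list, x_refsource_FULLDISC |

Note: the record titles the Full Disclosure reference "20200414 Matrix42 Workspace Management 9.1.2.2765 - Reflected Cross-Site Scripting", which names a different product than codeBeamer; check that the post is relevant before relying on it for triage.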
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:09.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
},
{
"name": "20200414 Matrix42 Workspace Management 9.1.2.2765 - Reflected Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-14T18:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
},
{
"name": "20200414 Matrix42 Workspace Management 9.1.2.2765 - Reflected Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Apr/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html"
},
{
"name": "20200414 Matrix42 Workspace Management 9.1.2.2765 - Reflected Cross-Site Scripting",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Apr/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19913",
"datePublished": "2020-03-30T21:26:28",
"dateReserved": "2019-12-19T00:00:00",
"dateUpdated": "2024-08-05T02:32:09.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}