CVE-2023-4296
Vulnerability from cvelistv5
Published
2023-08-29 21:42
Modified
2024-08-02 07:24
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
PTC Codebeamer Cross site scripting
References
ics-cert@hq.dhs.govhttp://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html
ics-cert@hq.dhs.govhttp://seclists.org/fulldisclosure/2023/Sep/10
ics-cert@hq.dhs.govhttps://codebeamer.com/cb/wiki/31346480Vendor Advisory
ics-cert@hq.dhs.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01Third Party Advisory, US Government Resource
Impacted products
PTCCodebeamer
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:04.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://codebeamer.com/cb/wiki/31346480"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Sep/10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Codebeamer",
          "vendor": "PTC",
          "versions": [
            {
              "lessThanOrEqual": "v22.10-SP7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "v22.04-SP5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "v21.09-SP13",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Niklas Schilling of SEC Consult Vulnerability Lab reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2023-08-29T21:38:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\n\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-31T14:44:51.524Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01"
        },
        {
          "url": "https://codebeamer.com/cb/wiki/31346480"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Sep/10"
        },
        {
          "url": "http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003ePTC recommends the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u200bVersion 22.10.X: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003eupgrade to 22.10-SP8\u003c/a\u003e\u0026nbsp;or newer version\u003c/li\u003e\u003cli\u003e\u200bVersion 22.04.X: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003eupgrade to 22.04-SP6\u003c/a\u003e\u0026nbsp;or newer version\u003c/li\u003e\u003cli\u003e\u200bVersion 21.09.X: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003eupgrade to 21.09-SP14\u003c/a\u003e\u0026nbsp;or newer version\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u200bDocker Image download: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hub.docker.com/r/intland/codebeamer/tags\"\u003ehttps://hub.docker.com/r/intland/codebeamer/tags\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u200bCodebeamer installers: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://intland.com/codebeamer-download/\"\u003ehttps://intland.com/codebeamer-download/\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u200bHosted customers may \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://codebeamer.com/cb/tracker/1910563?showAll=false\"\u003erequest an upgrade through the support channel\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u200bNote that version 2.0 is not impacted by this vulnerability.\u003c/p\u003e\u003cp\u003e\u200bFor more information refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://codebeamer.com/cb/wiki/31346480\"\u003ePTC Security Advisory and Resolution\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nPTC recommends the following:\n\n  *  \u200bVersion 22.10.X:  upgrade to 22.10-SP8 https://intland.com/codebeamer-download/ \u00a0or newer version\n  *  \u200bVersion 22.04.X:  upgrade to 22.04-SP6 https://intland.com/codebeamer-download/ \u00a0or newer version\n  *  \u200bVersion 21.09.X:  upgrade to 21.09-SP14 https://intland.com/codebeamer-download/ \u00a0or newer version\n\n\n\u200bDocker Image download:  https://hub.docker.com/r/intland/codebeamer/tags https://hub.docker.com/r/intland/codebeamer/tags \n\n\u200bCodebeamer installers:  https://intland.com/codebeamer-download/ https://intland.com/codebeamer-download/ \n\n\u200bHosted customers may  request an upgrade through the support channel https://codebeamer.com/cb/tracker/1910563 .\n\n\u200bNote that version 2.0 is not impacted by this vulnerability.\n\n\u200bFor more information refer to  PTC Security Advisory and Resolution https://codebeamer.com/cb/wiki/31346480 .\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "PTC Codebeamer Cross site scripting",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-4296",
    "datePublished": "2023-08-29T21:42:48.880Z",
    "dateReserved": "2023-08-10T14:52:35.290Z",
    "dateUpdated": "2024-08-02T07:24:04.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4296\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2023-08-29T22:15:09.297\",\"lastModified\":\"2023-11-07T04:22:26.050\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\n\u200bIf an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.\\n\\n\"},{\"lang\":\"es\",\"value\":\"?Si un atacante enga\u00f1a a un usuario administrador de PTC Codebeamer para que haga clic en un v\u00ednculo malicioso, puede permitir que el atacante inyecte c\u00f3digo arbitrario para que se ejecute en el navegador del dispositivo de destino.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8842BD8-5ADE-4F4C-892B-C7FD0BD00549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A96C543-780C-4FB8-9B66-E3A970284157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp10:*:*:*:*:*:*\",\"matchCriteriaId\":\"869FDFD2-B254-46F1-977C-8C45FC53CF4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp11:*:*:*:*:*:*\",\"matchCriteriaId\":\"E162A5AA-DF07-4DB9-A0ED-15CD181B3E8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp12:*:*:*:*:*:*\",\"matchCriteriaId\":\"61E616EF-4DD8-4F24-8132-069D1839CC44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp13:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E1FFA2A-5A02-4D3E-AF1A-49F9CB751B29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EC6A60D-1117-45A3-B64F-6A3C99CCCBF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"82586B4B-1876-4F6A-903A-B89A50CB13DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF54ED5C-B686-4036-8EC4-C2C65D4463FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8162D88-A7D0-4BC0-A2D9-D83EC620C009\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE271018-6A6F-4CDD-97AA-12F8A9DE9640\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp7:*:*:*:*:*:*\",\"matchCriteriaId\":\"21A2D6ED-17D8-4DAD-9775-02419D79DD3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp8:*:*:*:*:*:*\",\"matchCriteriaId\":\"A099E310-FBA2-4EB1-BD86-C52686E7FA89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:21.09.0:sp9:*:*:*:*:*:*\",\"matchCriteriaId\":\"0291CE0C-97E3-4933-9B13-6DBB616DAA60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.04.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"334D6C73-8DED-4C77-9222-5534D1F3503D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.04.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F517B94-96C4-4FD0-BB84-73CA2BA0F88B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.04.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"65EA30F3-F924-42B3-BFCC-875411C0A7C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.04.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"42357940-98B9-4966-9B85-E5AB495560A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.04.0:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB8DB5F9-1972-4F06-9060-E95F8C462681\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.04.0:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AD9CDC5-D62C-4CC4-9328-2C0E41300CDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.10.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A54ADF57-985E-41AB-B1DF-77E9303531E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.10.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F94411ED-3CDA-4432-8487-2EE2DD072D6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.10.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4050B8C-FBA8-48CA-AF45-BC7C70235E37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.10.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"19490284-BC6A-45A0-B68D-743E139EB067\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.10.0:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5CF8652-238F-4442-9AA2-B8A6FD9B681C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.10.0:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC9DEE58-BD1A-47DB-918B-CE1A1D7A7866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.10.0:sp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"8948D8AB-8392-4CD8-8F8B-F59410A37BBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.10.0:sp7:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3E14B5E-A1CF-402C-B56A-C745DE28BF91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intland:codebeamer:22.10.0:sp8:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B1F1CCA-B937-4AFB-8363-554D74DE71BD\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://seclists.org/fulldisclosure/2023/Sep/10\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://codebeamer.com/cb/wiki/31346480\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.