{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T16:37:24.403","vulnerabilities":[{"cve":{"id":"CVE-2021-40354","sourceIdentifier":"productcert@siemens.com","published":"2021-09-14T11:15:26.667","lastModified":"2024-11-21T06:23:56.200","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The \"surrogate\" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the \"inbox/surrogate tasks\"."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en Teamcenter versión V12.4 (Todas las versiones anteriores a V12.4.0.8), Teamcenter versión V13.0 (Todas las versiones anteriores a V13.0.0.7), Teamcenter versión V13.1 (Todas las versiones anteriores a V13.1.0.5), Teamcenter versión V13.2 (Todas las versiones anteriores a 13.2.0.2). La funcionalidad \"surrogate\" en el perfil de usuario de la aplicación no lleva acabo un control de acceso suficiente que podría conllevar a una toma de posesión de la cuenta. Cualquier perfil de la aplicación puede llevar a cabo este ataque y acceder a cualquier otra tarea asignada por el usuario por medio de \"inbox/surrogate tasks\""}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-267"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*","versionStartIncluding":"12.4.0","versionEndExcluding":"12.4.0.8","matchCriteriaId":"13870B36-3683-4B71-9322-CE26AB6724D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0.0","versionEndExcluding":"13.0.0.7","matchCriteriaId":"0AE45246-C5C8-42C4-807F-0C6D34C1200B"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndExcluding":"13.1.0.5","matchCriteriaId":"A1360B8D-7874-413B-A6F0-6ACEA39236A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*","versionStartIncluding":"13.2.0","versionEndExcluding":"13.2.0.2","matchCriteriaId":"4339F831-9FD8-4FD3-B874-F88F77B8081B"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf","source":"productcert@siemens.com","tags":["Patch","Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}