CVE-2022-32145

Published: Jun 14, 2022Modified: Jun 17, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link.

Affected (2)

Products: Siemens: Teamcenter Active Workspace

1 product

Teamcenter Active Workspace

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Teamcenter Active Workspace	From 5.2 to 5.2.9
Siemens Teamcenter Active Workspace	From 6.0 to 6.0.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-401167.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-401167.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.