Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-26995

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11992)

Published

2021-01-12T21:15:17.573

Last Modified

2024-11-21T05:20:38.950

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-787
  • Type: Secondary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application siemens jt2go < 13.1.0 Yes
Application siemens teamcenter_visualization < 13.1.0 Yes
References