CVE-2020-26981

Summary

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)

Affected Software

VendorProductVersion RangeStatus
SiemensJT2GoAll versions < V13.1.0affected
SiemensTeamcenter VisualizationAll versions < V13.1.0affected

Weaknesses

  • CWE-611: CWE-611: Improper Restriction of XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

References