CVE-2023-4296

Summary

​If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.

Affected Software

VendorProductVersion RangeStatus
PTCCodebeamer0 <= v22.10-SP7affected
PTCCodebeamer0 <= v22.04-SP5affected
PTCCodebeamer0 <= v21.09-SP13affected
PTCCodebeamer2.0unaffected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References