VDB

CVE-2021-33738

CVE-2021-33738 PUBLISHED CVSS 3.299999952316284 LOW

A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405)

EPSS 0.28% · 51.3th percentile

Risk Scores

CVSS 3.1
3.299999952316284
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
0.28%
51.3th percentile

Affected Products

VendorProductVersions
siemensteamcenter_visualization0
SiemensTeamcenter Visualization*
siemensjt2go0
SiemensJT2GoAll versions < V13.2.0.2

Exploit Intelligence

Timeline

  • Apr 13, 2021 CVE Published
  • Aug 11, 2021 EPSS Score
  • Oct 9, 2021 EPSS Score
  • Dec 6, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 3, 2022 EPSS Score
  • May 31, 2022 EPSS Score
  • Jul 30, 2022 EPSS Score
  • Sep 27, 2022 EPSS Score
  • Nov 25, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›