A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information.
Se ha identificado una vulnerabilidad en Simcenter STAR-CCM+ (Todas las versiones sólo si es usado el servidor de licencias públicas Power-on-Demand). Las aplicaciones afectadas exponen el usuario, el host y el nombre de pantalla de los usuarios, cuando se usa el servidor público de licencias. Esto podría permitir a un atacante recuperar esta información
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | NONE |
| Availability Impact | NONE |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Attack Requirements | NONE |
| Privileges Required | NONE |
| User Interaction | NONE |
| Vulnerability Confidentiality | LOW |
| Vulnerability Integrity | NONE |
| Vulnerability Availability | NONE |
| Subsequent Confidentiality | NONE |
| Subsequent Integrity | NONE |
| Subsequent Availability | NONE |
Source: [email protected]
Type: Secondary
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-200
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| siemens | simcenter_star-ccm\+_viewer | * | <built-in method update of dict object at 0x702ba6eda300> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:siemens:simcenter_star-ccm\+_viewer:*:*:*:*:*:*:*:* |