Search
Search Results (3 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3589 | 3 3ds, Dassault, Dassult | 5 Teamwork Cloud No Magic Release, Teamwork Cloud Enterprise Edition, Teamwork Cloud Standard Edition and 2 more | 2024-11-21 | 6.8 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server. | ||||
| CVE-2023-3588 | 1 3ds | 1 Teamwork Cloud No Magic Release | 2024-11-21 | 5.4 Medium |
| A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code. | ||||
| CVE-2020-25507 | 1 3ds | 1 Teamwork Cloud | 2024-11-21 | 7.8 High |
| An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world writable permissions. This allows any local unprivileged attacker to execute arbitrary code, as twcloud. This product was previous named Cameo Enterprise Data Warehouse (CEDW). | ||||
Page 1 of 1.