CVE-2022-39144 V33.1-V33.1.262 has a vulnerability. V34.0-V34.1.242 has a vulnerability. V35.0 has no vulnerabilities.

A vulnerability has been identified in Parasolid V33.1 (All versions  V33.1.262), Parasolid V33.1 (All versions >= V33.1.262  V33.1.263), Parasolid V34.0 (All versions  V34.0.252), Parasolid V34.1 (All versions  V34.1.242), Parasolid V35.0 (All versions  V35.0.161), Parasolid V35.0 (All versions >= V35.0.161  V35.0.164), Simcenter Femap V2022.1 (All versions  V2022.1.3), Simcenter Femap V2022.2 (All versions  V2022.2.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17494) An input validation flaw was found in the Apache Struts 2 component. This issue could occur when using the file upload feature. A maliciously crafted file uploaded to an affected Apache Struts 2 application could cause the application to execute arbitrary code. (ZDI-17-5232) An input validation flaw was found in the Apache Struts 2 component. This issue could occur when using the file upload feature. A maliciously crafted

References: ZDI-CAN-17494

ZDI-17-5232

Product description CVE-2022-39144

A vulnerability has been identified in Parasolid V33.1 (All versions  V33.1.262), Parasolid V33.1 (All versions >= V33.1.262  V33.1.263), Parasolid V34.0 (All versions  V34.0.252), Parasolid V34.1 (All versions  V34.1.242), Parasolid V35.0 (All versions  V35.0.161), Parasolid V35.0 (All versions >=V35.0,161 V35,0,164), Simcenter Femap V2022 .2( All versions V2022 .2 .2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted X_T files . This could allow an attacker to execute code in the context of the current process .(ZDI-CAN-17494) An input validation flaw was found in the Apache Struts 2 component . This issue could occur when using the file upload feature . A maliciously crafted file uploaded to an affected Apache Struts 2 application could cause the application to execute arbitrary code.(ZDI-17-5232) An input validation flaw was found in the Apache Struts 2 component . This issue could occur when using the file upload feature . A maliciously crafted

Timeline

Published on: 09/13/2022 10:15:00 UTC
Last modified on: 09/13/2022 15:13:00 UTC

References

• https://cert-portal.siemens.com/productcert/pdf/ssa-518824.pdf
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39144