Vulnerability Description
A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the vulnerable software. The impact of this attack could result in the session cookies of legitimate users being stolen. Should the attacker gain access to these cookies, they could then hijack the session and perform arbitrary actions in the name of the victim.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Opcenter Execution Core | < 8.2 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdfVendor Advisory
FAQ
What is CVE-2020-7576?
CVE-2020-7576 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability...
How severe is CVE-2020-7576?
CVE-2020-7576 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7576?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Opcenter Execution Core.