CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.
[
{
"cpes": [
"cpe:2.3:a:dassult:teamwork_cloud_business_edition:*:*:*:*:*:*:*:*"
],
"vendor": "dassult",
"product": "teamwork_cloud_business_edition",
"versions": [
{
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom",
"lessThanOrEqual": "no_magic_release_2021X_refresh2"
},
{
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom",
"lessThanOrEqual": "no_magic_release_2022x_refresh2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:dassult:teamwork_cloud_business_pro_edition:*:*:*:*:*:*:*:*"
],
"vendor": "dassult",
"product": "teamwork_cloud_business_pro_edition",
"versions": [
{
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom",
"lessThanOrEqual": "no_magic_release_2021x_refresh2"
},
{
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom",
"lessThanOrEqual": "no_magic_release2022x_refresh2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:dassault:teamwork_cloud_standard_edition:*:*:*:*:*:*:*:*"
],
"vendor": "dassault",
"product": "teamwork_cloud_standard_edition",
"versions": [
{
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom",
"lessThanOrEqual": "no_magic_release_2021x_refresh2"
},
{
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom",
"lessThanOrEqual": "no_magic_release_2022x_refresh2"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:dassault:teamwork_cloud_enterprise_edition:*:*:*:*:*:*:*:*"
],
"vendor": "dassault",
"product": "teamwork_cloud_enterprise_edition",
"versions": [
{
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom",
"lessThanOrEqual": "no_magic_release_2021_refresh2"
},
{
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom",
"lessThanOrEqual": "no_magic_release_2022_refresh2"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total