CVE-2023-4296

PTC Codebeamer Cross site scripting

Description

If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.

Remediation

Solution:

  • PTC recommends the following:
    • Version 22.10.X: upgrade to 22.10-SP8 (https://intland.com/codebeamer-download/) or a newer version
    • Version 22.04.X: upgrade to 22.04-SP6 (https://intland.com/codebeamer-download/) or a newer version
    • Version 21.09.X: upgrade to 21.09-SP14 (https://intland.com/codebeamer-download/) or a newer version
  • Docker image download: https://hub.docker.com/r/intland/codebeamer/tags
  • Codebeamer installers: https://intland.com/codebeamer-download/
  • Hosted customers may request an upgrade through the support channel: https://codebeamer.com/cb/tracker/1910563
  • Note that version 2.0 is not impacted by this vulnerability.
  • For more information refer to the PTC Security Advisory and Resolution: https://codebeamer.com/cb/wiki/31346480

Category

CVSS 3.1 base score: 8.8 (Severity: High)
EPSS: 1.05% (Top 25%)
Vendor Advisory: codebeamer.com
Affected: PTC Codebeamer

Frequently Asked Questions

What is the severity of CVE-2023-4296?
CVE-2023-4296 has been scored as a high severity vulnerability.
How to fix CVE-2023-4296?
To fix CVE-2023-4296, upgrade to the fixed service pack for your release branch (22.10-SP8, 22.04-SP6, or 21.09-SP14) or a newer version; version 2.0 is not impacted. Download links, Docker image tags, the hosted-customer support channel, and the PTC Security Advisory are listed in the Remediation section above.
Is CVE-2023-4296 being actively exploited in the wild?
It is possible that CVE-2023-4296 is being exploited or will be exploited in the near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-4296?
CVE-2023-4296 affects PTC Codebeamer.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.