Flexplm
Monthly
A critical remote code execution vulnerability exists in PTC Windchill PDMLink and PTC FlexPLM products due to unsafe deserialization of untrusted data, allowing unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability affects multiple versions of both products spanning from version 11.0 through 13.1.3.0 for Windchill and 11.0 through 13.0.3.0 for FlexPLM. An attacker can craft malicious serialized objects that, when deserialized by the vulnerable application, trigger code execution with the privileges of the Windchill or FlexPLM service account.
A critical remote code execution vulnerability exists in PTC Windchill PDMLink and PTC FlexPLM products due to unsafe deserialization of untrusted data, allowing unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability affects multiple versions of both products spanning from version 11.0 through 13.1.3.0 for Windchill and 11.0 through 13.0.3.0 for FlexPLM. An attacker can craft malicious serialized objects that, when deserialized by the vulnerable application, trigger code execution with the privileges of the Windchill or FlexPLM service account.