CVE-2022-40639: Ansys SpaceClaim 2022 R1 is vulnerable to arbitrary code execution by remote attackers.
ZDI has assigned the identifier CVE-2017-11543 for this vulnerability. These packages are now vulnerable: Ansys SpaceClaim 2020 - 2021 R1 - R6 - R7 - R8 - R9 - R10 - R11 - R12 - R13 - R14 - R15 - R16 - R17 - R18 - R19 - R20 - R21 - R22 - R23 - R24 - R25 - R26 - R27 - R28 - R29 - R30 - R31 - R32 - R33 - R34 - R35 - R36 - R37 - R38 - R39 - R40 - R41 - R42 - R43 - R44 - R45 - R46 - R47 - R48 - R49 - R50 - R51 - R52 - R53 - R54 - R55 - R56 - R57 - R58 - R59 - R60 - R61 - R62 - R63 - R64 - R65 - R66 - R67 - R68 - R69 - R70 - R71 - R72 - R73 - R74 - R75 - R76 - R77 - R78 - R79 - R80 - R81 - R82 - R83 - R84 - R85 - R86 - R87 - R88 - R89 - R90 - R91 - R92 - R93 - R94 - R
System Overview
When processing a request, the vulnerable software will create a file from this path:
/var/www/html/extensions/AnsysSpaceclaim_Rxxx.php
This file contains the following code:
A new component has been identified as a potential fix for the vulnerability
ZDI has identified a new component that can be used to mitigate this vulnerability. These packages are now vulnerable: Ansys SpaceClaim 2020 - 2021 R1 - R6 - R7 - R8 - R9 - R10 - R11 - R12 - R13 - R14 - R15 - R16 - R17 - R18
References
CVE-2017-11543
ZDI has assigned the identifier CVE-2017-11543 for this vulnerability. These packages are now vulnerable: Ansys SpaceClaim 2020 - 2021 R1 - R6 - R7 - R8 - R9 - R10 - R11 - R12 - R13 - R14 - R15 - R16 - R17 - R18 - R19 - R20 - R21 - R22 - R23 - S24, S25, S26, S27, S28, S29, S30, S31, S32, S33, S34, ...
Ansys SpaceClaim 2020 is affected by a buffer overflow vulnerability that may allow an attacker to execute arbitrary code on the affected system.
Timeline
Published on: 09/15/2022 16:15:00 UTC
Last modified on: 09/19/2022 18:24:00 UTC