Article - CS366460

Windchill Workgroup Manager and Google Chrome (CVE-2022-1096, CVE-2022-1232, CVE-2022-1364)

Modified: 16-Aug-2022   


Applies To

  • Windchill PDMLink 11.1 to 12.1
  • Windchill Workgroup Manager 11.1 M020 
  • Windchill Workgroup Manager 11.2.1.X
  • Windchill Workgroup Manager 12.0.2.X
  • Windchill Workgroup Manager 12.1.0.X

Description

  • Is Windchill Workgroup Manager impacted by the Remote Code Execution (RCE) vulnerability reported for Chromium Embedded Framework, CVE-2022-1096?
  • Is Windchill Workgroup Manager impacted by CVE-2022-1232 reported for Chromium Embedded Framework, type confusion which could lead to Remote Code Execution?
  • Is Windchill Workgroup Manager impacted by CVE-2022-1364 reported for Chromium Embedded Framework, identifying another type confusion zero-day vulnerability?
  • Limited details are being made available from Google for these CVEs.
  • Windchill Workgroup Manager uses the Embedded Browser to interact with Windchill
    • The Embedded Browser can be configured to use:
      • Internet Explorer (IE)
      • Chrome (Chromium Embedded Framework)
  • Customers are impacted only if the Chrome browser is configured as the embedded browser. To confirm, check whether the wgmclient.ini file has the following setting:
    windows.browser.type=chromium_browser
*Note: this is the default setting as of the Windchill Workgroup Manager 12.1.0.1 release.
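The check described above can be scripted across collected client configuration files. The following is an added example, not PTC code: it assumes wgmclient.ini uses plain key=value lines with `#`, `;` or `!` starting a comment line, takes the file paths as arguments, and uses a constructed sample.

```python
import re
import sys

KEY = "windows.browser.type"      # setting named in the article
CHROMIUM = "chromium_browser"     # value named in the article

# Assumption: key=value lines; a line starting with '#', ';' or '!' is a comment.
_LINE = re.compile(r"^\s*([^#;!=\s][^=]*?)\s*=\s*(.*?)\s*$")

# Constructed sample, not a real wgmclient.ini.
SAMPLE = """\
# constructed sample
some.other.key=1
  windows.browser.type = chromium_browser
"""


def browser_type_values(ini_text):
    """Return every uncommented value assigned to windows.browser.type."""
    values = []
    for line in ini_text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1).lower() == KEY:
            values.append(m.group(2))
    return values


def classify(ini_text):
    """Return 'chromium', 'other' or 'unset' for one wgmclient.ini body.

    'unset' means the key is absent or commented out; the article notes that
    chromium_browser is the default as of Workgroup Manager 12.1.0.1, so an
    unset key on that release still needs to be treated as Chromium.
    """
    values = browser_type_values(ini_text)
    if not values:
        return "unset"
    # Conservative: any active chromium_browser assignment counts as impacted.
    if any(v.lower() == CHROMIUM for v in values):
        return "chromium"
    return "other"


if __name__ == "__main__":
    # Usage: python check_wgm_browser.py <path-to-wgmclient.ini> [...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            print(f"{path}: {classify(fh.read())}")
```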
This is a PDF version of Article CS366460 and may be out of date. For the latest version click https://www.ptc.com/en/support/article/CS366460