Article - CS366460
Windchill Workgroup Manager and Google Chrome (CVE-2022-1096, CVE-2022-1232,CVE-2022-1364)
Modified: 16-Aug-2022
Applies To
- Windchill PDMLink 11.1 to 12.1
- Windchill Workgroup Manager 11.1 M020
- Windchill Workgroup Manager 11.2.1.X
- Windchill Workgroup Manager 12.0.2.X
- Windchill Workgroup Manager 12.1.0.X
Description
- Is Windchill Workgroup Manager impacted by the Remote Code Execution (RCE) Vulnerability Reported for Chromium Embedded Framework CVE-2022-1096 ?
- Is Windchill Workgroup Manager impacted by CVE-2022-1232 reported for Chromium Embedded Framework, type confusion which could lead to Remote Code Execution?
- Is Windchill Workgroup Manager impacted by CVE-2022-1364 reported for Chromium Embedded Framework, identifying another type confusion zero-day vulnerability?
- Limited details are being made available from Google for these CVEs.
- Windchill Workgroup Manager uses the Embedded Browser to interact with Windchill
- The Embedded Browser can be configured to use:
- Internet Explorer (IE)
- Chrome (Chromium Embedded Framework)
- The Embedded Browser can be configured to use:
- Customers are only impacted if the Chrome browser is configured as embedded browser. To confirm check whether the wgmclient.ini file has the following setting:
windows.browser.type=chromium_browser
This is a printer-friendly version of Article 366460 and may be out of date. For the latest version click CS366460