Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for DELMIA Apriso by Dassault Systèmes

    CVE-2025-6205 (GCVE-0-2025-6205)

    Vulnerability from nvd – Published: 2025-08-04 09:14 – Updated: 2026-02-26 17:50
    Title
    Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
    Summary
    A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom)
    Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom)
    Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom)
    Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom)
    Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom)
    Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6205",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T03:56:05.200345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-10-28",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6205"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:03.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6205"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 2020 SP4",
                  "status": "affected",
                  "version": "Release 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2021 SP3",
                  "status": "affected",
                  "version": "Release 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2022 SP3",
                  "status": "affected",
                  "version": "Release 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2023 SP3",
                  "status": "affected",
                  "version": "Release 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2024 SP1",
                  "status": "affected",
                  "version": "Release 2024 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2025 SP1",
                  "status": "affected",
                  "version": "Release 2025 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application."
                }
              ],
              "value": "A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T09:14:42.308Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6205",
        "datePublished": "2025-08-04T09:14:42.308Z",
        "dateReserved": "2025-06-17T14:03:19.819Z",
        "dateUpdated": "2026-02-26T17:50:03.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6204 (GCVE-0-2025-6204)

    Vulnerability from nvd – Published: 2025-08-04 09:14 – Updated: 2026-02-26 17:50
    VLAI CISA KEVIntel
    Title
    Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
    Summary
    An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom)
    Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom)
    Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom)
    Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom)
    Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom)
    Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6204",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T03:56:04.227128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-10-28",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:03.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 2020 SP4",
                  "status": "affected",
                  "version": "Release 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2021 SP3",
                  "status": "affected",
                  "version": "Release 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2022 SP3",
                  "status": "affected",
                  "version": "Release 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2023 SP3",
                  "status": "affected",
                  "version": "Release 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2024 SP1",
                  "status": "affected",
                  "version": "Release 2024 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2025 SP1",
                  "status": "affected",
                  "version": "Release 2025 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
                }
              ],
              "value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T09:14:08.343Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6204",
        "datePublished": "2025-08-04T09:14:08.343Z",
        "dateReserved": "2025-06-17T14:03:08.909Z",
        "dateUpdated": "2026-02-26T17:50:03.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5086 (GCVE-0-2025-5086)

    Vulnerability from nvd – Published: 2025-06-02 17:42 – Updated: 2026-02-26 18:27
    Title
    Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
    Summary
    A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom)
    Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom)
    Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom)
    Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom)
    Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom)
    Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom)
    Create a notification for this product.
    Credits
    Hacktron AI
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5086",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-12T03:56:12.885164Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-09-11",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5086"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:27:41.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "media-coverage"
                ],
                "url": "https://isc.sans.edu/diary/Exploit+Attempts+for+Dassault+DELMIA+Apriso+CVE20255086/32256"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5086"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-09-11T00:00:00.000Z",
                "value": "CVE-2025-5086 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 2020 SP4",
                  "status": "affected",
                  "version": "Release 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2021 SP3",
                  "status": "affected",
                  "version": "Release 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2022 SP3",
                  "status": "affected",
                  "version": "Release 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2023 SP3",
                  "status": "affected",
                  "version": "Release 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2024 SP1",
                  "status": "affected",
                  "version": "Release 2024 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2025 SP1",
                  "status": "affected",
                  "version": "Release 2025 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hacktron AI"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution."
                }
              ],
              "value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-03T06:13:48.084Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-5086",
        "datePublished": "2025-06-02T17:42:42.620Z",
        "dateReserved": "2025-05-22T11:43:30.702Z",
        "dateUpdated": "2026-02-26T18:27:41.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3301 (GCVE-0-2024-3301)

    Vulnerability from nvd – Published: 2024-05-30 15:18 – Updated: 2024-09-03 15:31
    VLAI
    Title
    Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
    Summary
    An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Release 2019 Golden , ≤ Release 2019 SP5 (custom)
    Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom)
    Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom)
    Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom)
    Affected: Release 2023 Golden , ≤ Release 2023 SP2 (custom)
    Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom)
    Create a notification for this product.
    3ds delmia_apriso Affected: 2019 , ≤ 2024 (custom)
        cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Mehdi Elyassa of Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:05:08.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "delmia_apriso",
                "vendor": "3ds",
                "versions": [
                  {
                    "lessThanOrEqual": "2024",
                    "status": "affected",
                    "version": "2019",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3301",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-03T15:27:23.292614Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T15:31:28.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 2019 SP5",
                  "status": "affected",
                  "version": "Release 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2020 SP4",
                  "status": "affected",
                  "version": "Release 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2021 SP3",
                  "status": "affected",
                  "version": "Release 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2022 SP3",
                  "status": "affected",
                  "version": "Release 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2023 SP2",
                  "status": "affected",
                  "version": "Release 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2024 SP1",
                  "status": "affected",
                  "version": "Release 2024 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mehdi Elyassa of Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
                }
              ],
              "value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-30T15:18:14.217Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2024-3301",
        "datePublished": "2024-05-30T15:18:14.217Z",
        "dateReserved": "2024-04-04T09:52:26.812Z",
        "dateUpdated": "2024-09-03T15:31:28.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3300 (GCVE-0-2024-3300)

    Vulnerability from nvd – Published: 2024-05-30 15:19 – Updated: 2024-08-01 20:05
    VLAI
    Title
    Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
    Summary
    An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Release 2019 Golden , ≤ Release 2019 SP5 (custom)
    Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom)
    Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom)
    Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom)
    Affected: Release 2023 Golden , ≤ Release 2023 SP2 (custom)
    Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom)
    Create a notification for this product.
    3ds delmia_apriso Affected: release_2019_golden , ≤ release_2019_sp5 (custom)
    Affected: release_2020_golden , ≤ release_2020_sp4 (custom)
    Affected: release_2021_golden , ≤ release_2021_sp3 (custom)
    Affected: release_2022_golden , ≤ release_2022_sp3 (custom)
    Affected: release_2023_golden , ≤ release_2023_sp2 (custom)
    Affected: release_2024_golden , ≤ release_2024_sp1 (custom)
        cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Mehdi Elyassa of Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "delmia_apriso",
                "vendor": "3ds",
                "versions": [
                  {
                    "lessThanOrEqual": "release_2019_sp5",
                    "status": "affected",
                    "version": "release_2019_golden",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "release_2020_sp4",
                    "status": "affected",
                    "version": "release_2020_golden",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "release_2021_sp3",
                    "status": "affected",
                    "version": "release_2021_golden",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "release_2022_sp3",
                    "status": "affected",
                    "version": "release_2022_golden",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "release_2023_sp2",
                    "status": "affected",
                    "version": "release_2023_golden",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "release_2024_sp1",
                    "status": "affected",
                    "version": "release_2024_golden",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-30T17:09:18.395045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:33:17.300Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:05:08.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 2019 SP5",
                  "status": "affected",
                  "version": "Release 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2020 SP4",
                  "status": "affected",
                  "version": "Release 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2021 SP3",
                  "status": "affected",
                  "version": "Release 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2022 SP3",
                  "status": "affected",
                  "version": "Release 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2023 SP2",
                  "status": "affected",
                  "version": "Release 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2024 SP1",
                  "status": "affected",
                  "version": "Release 2024 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mehdi Elyassa of Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
                }
              ],
              "value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-30T15:19:10.068Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2024-3300",
        "datePublished": "2024-05-30T15:19:10.068Z",
        "dateReserved": "2024-04-04T09:52:17.520Z",
        "dateUpdated": "2024-08-01T20:05:08.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0935 (GCVE-0-2024-0935)

    Vulnerability from nvd – Published: 2024-02-01 13:33 – Updated: 2024-08-01 18:18
    VLAI
    Title
    Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024
    Summary
    Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom)
    Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom)
    Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP3 (custom)
    Affected: Apriso 2022 Golden , ≤ Apriso 2022 SP3 (custom)
    Affected: Apriso 2023 Golden , ≤ Apriso 2023 SP2 (custom)
    Affected: Apriso 2024 Golden
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-01T16:22:28.247755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:21:22.867Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:18:18.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Apriso 2019 SP5",
                  "status": "affected",
                  "version": "Apriso 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2020 SP4",
                  "status": "affected",
                  "version": "Apriso 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2021 SP3",
                  "status": "affected",
                  "version": "Apriso 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2022 SP3",
                  "status": "affected",
                  "version": "Apriso 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2023 SP2",
                  "status": "affected",
                  "version": "Apriso 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Apriso 2024 Golden"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
                }
              ],
              "value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T14:19:00.675Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2024-0935",
        "datePublished": "2024-02-01T13:33:56.772Z",
        "dateReserved": "2024-01-26T09:51:54.820Z",
        "dateUpdated": "2024-08-01T18:18:18.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2141 (GCVE-0-2023-2141)

    Vulnerability from nvd – Published: 2023-04-21 15:48 – Updated: 2025-02-04 20:26
    VLAI
    Title
    Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022
    Summary
    An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Apriso 2017 Golden , ≤ Apriso 2017 SP7 (custom)
    Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom)
    Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom)
    Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom)
    Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP2 (custom)
    Affected: Apriso 2022 Golden
    Create a notification for this product.
    Credits
    Mehdi Elyassa and Vincent Herbulot from Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:20.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:26:47.042599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T20:26:49.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Apriso 2017 SP7",
                  "status": "affected",
                  "version": "Apriso 2017 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2018 SP4",
                  "status": "affected",
                  "version": "Apriso 2018 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2019 SP5",
                  "status": "affected",
                  "version": "Apriso 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2020 SP4",
                  "status": "affected",
                  "version": "Apriso 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2021 SP2",
                  "status": "affected",
                  "version": "Apriso 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Apriso 2022 Golden"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\u003cbr\u003e"
                }
              ],
              "value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-21T15:48:39.800Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022 ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-2141",
        "datePublished": "2023-04-21T15:48:39.800Z",
        "dateReserved": "2023-04-18T07:52:31.574Z",
        "dateUpdated": "2025-02-04T20:26:49.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2140 (GCVE-0-2023-2140)

    Vulnerability from nvd – Published: 2023-04-21 15:48 – Updated: 2025-02-04 20:27
    VLAI
    Title
    Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
    Summary
    A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Apriso 2017 Golden , ≤ Apriso 2017 SP7 (custom)
    Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom)
    Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom)
    Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom)
    Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP2 (custom)
    Affected: Apriso 2022 Golden
    Create a notification for this product.
    Credits
    Mehdi Elyassa and Vincent Herbulot from Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:20.445Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:27:03.162173Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T20:27:09.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Apriso 2017 SP7",
                  "status": "affected",
                  "version": "Apriso 2017 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2018 SP4",
                  "status": "affected",
                  "version": "Apriso 2018 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2019 SP5",
                  "status": "affected",
                  "version": "Apriso 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2020 SP4",
                  "status": "affected",
                  "version": "Apriso 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2021 SP2",
                  "status": "affected",
                  "version": "Apriso 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Apriso 2022 Golden"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServer-Side Request Forgery vulnerability\u0026nbsp;\u003c/span\u003ein DELMIA Apriso\u0026nbsp;Release  2017 through Release 2022 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Server-Side Request Forgery vulnerability in DELMIA Apriso Release  2017 through Release 2022 \n\ncould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664: Server Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-21T15:48:25.654Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-2140",
        "datePublished": "2023-04-21T15:48:25.654Z",
        "dateReserved": "2023-04-18T07:52:26.003Z",
        "dateUpdated": "2025-02-04T20:27:09.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2139 (GCVE-0-2023-2139)

    Vulnerability from nvd – Published: 2023-04-21 15:44 – Updated: 2025-02-04 20:27
    VLAI
    Title
    Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
    Summary
    A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Apriso 2017 Golden , ≤ Apriso 2017 SP7 (custom)
    Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom)
    Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom)
    Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom)
    Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP1 (custom)
    Affected: Apriso 2022 Golden
    Create a notification for this product.
    Credits
    Mehdi Elyassa and Vincent Herbulot from Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:20.521Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:27:21.446658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T20:27:26.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Apriso 2017 SP7",
                  "status": "affected",
                  "version": "Apriso 2017 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2018 SP4",
                  "status": "affected",
                  "version": "Apriso 2018 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2019 SP5",
                  "status": "affected",
                  "version": "Apriso 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2020 SP4",
                  "status": "affected",
                  "version": "Apriso 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2021 SP1",
                  "status": "affected",
                  "version": "Apriso 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Apriso 2022 Golden"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mehdi Elyassa and Vincent Herbulot  from Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003eA reflected Cross-site Scripting (XSS) Vulnerability in\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eDELMIA Apriso Release 2017 through Release 2022 \u003c/span\u003eallows\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ean attacker to execute arbitrary script code.\u003c/span\u003e\u003c/div\u003e"
                }
              ],
              "value": "\nA reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-21T15:46:00.830Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-2139",
        "datePublished": "2023-04-21T15:44:51.948Z",
        "dateReserved": "2023-04-18T07:52:15.175Z",
        "dateUpdated": "2025-02-04T20:27:26.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6205 (GCVE-0-2025-6205)

    Vulnerability from cvelistv5 – Published: 2025-08-04 09:14 – Updated: 2026-02-26 17:50
    Title
    Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
    Summary
    A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom)
    Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom)
    Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom)
    Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom)
    Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom)
    Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6205",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T03:56:05.200345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-10-28",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6205"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:03.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6205"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 2020 SP4",
                  "status": "affected",
                  "version": "Release 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2021 SP3",
                  "status": "affected",
                  "version": "Release 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2022 SP3",
                  "status": "affected",
                  "version": "Release 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2023 SP3",
                  "status": "affected",
                  "version": "Release 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2024 SP1",
                  "status": "affected",
                  "version": "Release 2024 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2025 SP1",
                  "status": "affected",
                  "version": "Release 2025 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application."
                }
              ],
              "value": "A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T09:14:42.308Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6205",
        "datePublished": "2025-08-04T09:14:42.308Z",
        "dateReserved": "2025-06-17T14:03:19.819Z",
        "dateUpdated": "2026-02-26T17:50:03.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6204 (GCVE-0-2025-6204)

    Vulnerability from cvelistv5 – Published: 2025-08-04 09:14 – Updated: 2026-02-26 17:50
    VLAI CISA KEVIntel
    Title
    Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
    Summary
    An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom)
    Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom)
    Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom)
    Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom)
    Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom)
    Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6204",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T03:56:04.227128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-10-28",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:03.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 2020 SP4",
                  "status": "affected",
                  "version": "Release 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2021 SP3",
                  "status": "affected",
                  "version": "Release 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2022 SP3",
                  "status": "affected",
                  "version": "Release 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2023 SP3",
                  "status": "affected",
                  "version": "Release 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2024 SP1",
                  "status": "affected",
                  "version": "Release 2024 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2025 SP1",
                  "status": "affected",
                  "version": "Release 2025 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
                }
              ],
              "value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T09:14:08.343Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6204",
        "datePublished": "2025-08-04T09:14:08.343Z",
        "dateReserved": "2025-06-17T14:03:08.909Z",
        "dateUpdated": "2026-02-26T17:50:03.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5086 (GCVE-0-2025-5086)

    Vulnerability from cvelistv5 – Published: 2025-06-02 17:42 – Updated: 2026-02-26 18:27
    Title
    Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
    Summary
    A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom)
    Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom)
    Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom)
    Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom)
    Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom)
    Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom)
    Create a notification for this product.
    Credits
    Hacktron AI
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5086",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-12T03:56:12.885164Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-09-11",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5086"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:27:41.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "media-coverage"
                ],
                "url": "https://isc.sans.edu/diary/Exploit+Attempts+for+Dassault+DELMIA+Apriso+CVE20255086/32256"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5086"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-09-11T00:00:00.000Z",
                "value": "CVE-2025-5086 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 2020 SP4",
                  "status": "affected",
                  "version": "Release 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2021 SP3",
                  "status": "affected",
                  "version": "Release 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2022 SP3",
                  "status": "affected",
                  "version": "Release 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2023 SP3",
                  "status": "affected",
                  "version": "Release 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2024 SP1",
                  "status": "affected",
                  "version": "Release 2024 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2025 SP1",
                  "status": "affected",
                  "version": "Release 2025 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hacktron AI"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution."
                }
              ],
              "value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-03T06:13:48.084Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-5086",
        "datePublished": "2025-06-02T17:42:42.620Z",
        "dateReserved": "2025-05-22T11:43:30.702Z",
        "dateUpdated": "2026-02-26T18:27:41.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3300 (GCVE-0-2024-3300)

    Vulnerability from cvelistv5 – Published: 2024-05-30 15:19 – Updated: 2024-08-01 20:05
    VLAI
    Title
    Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
    Summary
    An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Release 2019 Golden , ≤ Release 2019 SP5 (custom)
    Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom)
    Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom)
    Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom)
    Affected: Release 2023 Golden , ≤ Release 2023 SP2 (custom)
    Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom)
    Create a notification for this product.
    3ds delmia_apriso Affected: release_2019_golden , ≤ release_2019_sp5 (custom)
    Affected: release_2020_golden , ≤ release_2020_sp4 (custom)
    Affected: release_2021_golden , ≤ release_2021_sp3 (custom)
    Affected: release_2022_golden , ≤ release_2022_sp3 (custom)
    Affected: release_2023_golden , ≤ release_2023_sp2 (custom)
    Affected: release_2024_golden , ≤ release_2024_sp1 (custom)
        cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Mehdi Elyassa of Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "delmia_apriso",
                "vendor": "3ds",
                "versions": [
                  {
                    "lessThanOrEqual": "release_2019_sp5",
                    "status": "affected",
                    "version": "release_2019_golden",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "release_2020_sp4",
                    "status": "affected",
                    "version": "release_2020_golden",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "release_2021_sp3",
                    "status": "affected",
                    "version": "release_2021_golden",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "release_2022_sp3",
                    "status": "affected",
                    "version": "release_2022_golden",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "release_2023_sp2",
                    "status": "affected",
                    "version": "release_2023_golden",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "release_2024_sp1",
                    "status": "affected",
                    "version": "release_2024_golden",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3300",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-30T17:09:18.395045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:33:17.300Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:05:08.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 2019 SP5",
                  "status": "affected",
                  "version": "Release 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2020 SP4",
                  "status": "affected",
                  "version": "Release 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2021 SP3",
                  "status": "affected",
                  "version": "Release 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2022 SP3",
                  "status": "affected",
                  "version": "Release 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2023 SP2",
                  "status": "affected",
                  "version": "Release 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2024 SP1",
                  "status": "affected",
                  "version": "Release 2024 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mehdi Elyassa of Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
                }
              ],
              "value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-30T15:19:10.068Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2024-3300",
        "datePublished": "2024-05-30T15:19:10.068Z",
        "dateReserved": "2024-04-04T09:52:17.520Z",
        "dateUpdated": "2024-08-01T20:05:08.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3301 (GCVE-0-2024-3301)

    Vulnerability from cvelistv5 – Published: 2024-05-30 15:18 – Updated: 2024-09-03 15:31
    VLAI
    Title
    Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
    Summary
    An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Release 2019 Golden , ≤ Release 2019 SP5 (custom)
    Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom)
    Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom)
    Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom)
    Affected: Release 2023 Golden , ≤ Release 2023 SP2 (custom)
    Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom)
    Create a notification for this product.
    3ds delmia_apriso Affected: 2019 , ≤ 2024 (custom)
        cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Mehdi Elyassa of Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:05:08.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "delmia_apriso",
                "vendor": "3ds",
                "versions": [
                  {
                    "lessThanOrEqual": "2024",
                    "status": "affected",
                    "version": "2019",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3301",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-03T15:27:23.292614Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T15:31:28.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 2019 SP5",
                  "status": "affected",
                  "version": "Release 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2020 SP4",
                  "status": "affected",
                  "version": "Release 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2021 SP3",
                  "status": "affected",
                  "version": "Release 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2022 SP3",
                  "status": "affected",
                  "version": "Release 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2023 SP2",
                  "status": "affected",
                  "version": "Release 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 2024 SP1",
                  "status": "affected",
                  "version": "Release 2024 Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mehdi Elyassa of Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
                }
              ],
              "value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-30T15:18:14.217Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2024-3301",
        "datePublished": "2024-05-30T15:18:14.217Z",
        "dateReserved": "2024-04-04T09:52:26.812Z",
        "dateUpdated": "2024-09-03T15:31:28.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0935 (GCVE-0-2024-0935)

    Vulnerability from cvelistv5 – Published: 2024-02-01 13:33 – Updated: 2024-08-01 18:18
    VLAI
    Title
    Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024
    Summary
    Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom)
    Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom)
    Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP3 (custom)
    Affected: Apriso 2022 Golden , ≤ Apriso 2022 SP3 (custom)
    Affected: Apriso 2023 Golden , ≤ Apriso 2023 SP2 (custom)
    Affected: Apriso 2024 Golden
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-01T16:22:28.247755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:21:22.867Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:18:18.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Apriso 2019 SP5",
                  "status": "affected",
                  "version": "Apriso 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2020 SP4",
                  "status": "affected",
                  "version": "Apriso 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2021 SP3",
                  "status": "affected",
                  "version": "Apriso 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2022 SP3",
                  "status": "affected",
                  "version": "Apriso 2022 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2023 SP2",
                  "status": "affected",
                  "version": "Apriso 2023 Golden",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Apriso 2024 Golden"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
                }
              ],
              "value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-09T14:19:00.675Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2024-0935",
        "datePublished": "2024-02-01T13:33:56.772Z",
        "dateReserved": "2024-01-26T09:51:54.820Z",
        "dateUpdated": "2024-08-01T18:18:18.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2141 (GCVE-0-2023-2141)

    Vulnerability from cvelistv5 – Published: 2023-04-21 15:48 – Updated: 2025-02-04 20:26
    VLAI
    Title
    Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022
    Summary
    An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Apriso 2017 Golden , ≤ Apriso 2017 SP7 (custom)
    Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom)
    Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom)
    Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom)
    Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP2 (custom)
    Affected: Apriso 2022 Golden
    Create a notification for this product.
    Credits
    Mehdi Elyassa and Vincent Herbulot from Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:20.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:26:47.042599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T20:26:49.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Apriso 2017 SP7",
                  "status": "affected",
                  "version": "Apriso 2017 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2018 SP4",
                  "status": "affected",
                  "version": "Apriso 2018 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2019 SP5",
                  "status": "affected",
                  "version": "Apriso 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2020 SP4",
                  "status": "affected",
                  "version": "Apriso 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2021 SP2",
                  "status": "affected",
                  "version": "Apriso 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Apriso 2022 Golden"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\u003cbr\u003e"
                }
              ],
              "value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-21T15:48:39.800Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022 ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-2141",
        "datePublished": "2023-04-21T15:48:39.800Z",
        "dateReserved": "2023-04-18T07:52:31.574Z",
        "dateUpdated": "2025-02-04T20:26:49.843Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2140 (GCVE-0-2023-2140)

    Vulnerability from cvelistv5 – Published: 2023-04-21 15:48 – Updated: 2025-02-04 20:27
    VLAI
    Title
    Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
    Summary
    A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Apriso 2017 Golden , ≤ Apriso 2017 SP7 (custom)
    Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom)
    Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom)
    Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom)
    Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP2 (custom)
    Affected: Apriso 2022 Golden
    Create a notification for this product.
    Credits
    Mehdi Elyassa and Vincent Herbulot from Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:20.445Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:27:03.162173Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T20:27:09.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Apriso 2017 SP7",
                  "status": "affected",
                  "version": "Apriso 2017 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2018 SP4",
                  "status": "affected",
                  "version": "Apriso 2018 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2019 SP5",
                  "status": "affected",
                  "version": "Apriso 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2020 SP4",
                  "status": "affected",
                  "version": "Apriso 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2021 SP2",
                  "status": "affected",
                  "version": "Apriso 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Apriso 2022 Golden"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServer-Side Request Forgery vulnerability\u0026nbsp;\u003c/span\u003ein DELMIA Apriso\u0026nbsp;Release  2017 through Release 2022 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Server-Side Request Forgery vulnerability in DELMIA Apriso Release  2017 through Release 2022 \n\ncould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664: Server Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-21T15:48:25.654Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-2140",
        "datePublished": "2023-04-21T15:48:25.654Z",
        "dateReserved": "2023-04-18T07:52:26.003Z",
        "dateUpdated": "2025-02-04T20:27:09.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2139 (GCVE-0-2023-2139)

    Vulnerability from cvelistv5 – Published: 2023-04-21 15:44 – Updated: 2025-02-04 20:27
    VLAI
    Title
    Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
    Summary
    A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes DELMIA Apriso Affected: Apriso 2017 Golden , ≤ Apriso 2017 SP7 (custom)
    Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom)
    Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom)
    Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom)
    Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP1 (custom)
    Affected: Apriso 2022 Golden
    Create a notification for this product.
    Credits
    Mehdi Elyassa and Vincent Herbulot from Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:12:20.521Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.3ds.com/vulnerability/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T20:27:21.446658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-04T20:27:26.439Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "DELMIA Apriso",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Apriso 2017 SP7",
                  "status": "affected",
                  "version": "Apriso 2017 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2018 SP4",
                  "status": "affected",
                  "version": "Apriso 2018 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2019 SP5",
                  "status": "affected",
                  "version": "Apriso 2019 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2020 SP4",
                  "status": "affected",
                  "version": "Apriso 2020 Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Apriso 2021 SP1",
                  "status": "affected",
                  "version": "Apriso 2021 Golden",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Apriso 2022 Golden"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mehdi Elyassa and Vincent Herbulot  from Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cdiv\u003eA reflected Cross-site Scripting (XSS) Vulnerability in\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eDELMIA Apriso Release 2017 through Release 2022 \u003c/span\u003eallows\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ean attacker to execute arbitrary script code.\u003c/span\u003e\u003c/div\u003e"
                }
              ],
              "value": "\nA reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-21T15:46:00.830Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2023-2139",
        "datePublished": "2023-04-21T15:44:51.948Z",
        "dateReserved": "2023-04-18T07:52:15.175Z",
        "dateUpdated": "2025-02-04T20:27:26.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }