Search
Find a vulnerability
Search criteria
18 vulnerabilities found for DELMIA Apriso by Dassault Systèmes
CVE-2025-6205 (GCVE-0-2025-6205)
Vulnerability from nvd – Published: 2025-08-04 09:14 – Updated: 2026-02-26 17:50Title
Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
Summary
A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
Severity
9.1 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.3ds.com/trust-center/security/securit… | |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Release 2020 Golden , ≤ Release 2020 SP4
(custom)
Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom) Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom) Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom) Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom) Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6205",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T03:56:05.200345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-28",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6205"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:03.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6205"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP3",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2025 SP1",
"status": "affected",
"version": "Release 2025 Golden",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application."
}
],
"value": "A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T09:14:42.308Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-6205",
"datePublished": "2025-08-04T09:14:42.308Z",
"dateReserved": "2025-06-17T14:03:19.819Z",
"dateUpdated": "2026-02-26T17:50:03.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6204 (GCVE-0-2025-6204)
Vulnerability from nvd – Published: 2025-08-04 09:14 – Updated: 2026-02-26 17:50Title
Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
Summary
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
Severity
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.3ds.com/trust-center/security/securit… | |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Release 2020 Golden , ≤ Release 2020 SP4
(custom)
Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom) Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom) Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom) Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom) Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6204",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T03:56:04.227128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-28",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:03.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP3",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2025 SP1",
"status": "affected",
"version": "Release 2025 Golden",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
}
],
"value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T09:14:08.343Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-6204",
"datePublished": "2025-08-04T09:14:08.343Z",
"dateReserved": "2025-06-17T14:03:08.909Z",
"dateUpdated": "2026-02-26T17:50:03.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5086 (GCVE-0-2025-5086)
Vulnerability from nvd – Published: 2025-06-02 17:42 – Updated: 2026-02-26 18:27Title
Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
Summary
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
Severity
9 (Critical)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.3ds.com/vulnerability/advisories | |
| https://isc.sans.edu/diary/Exploit+Attempts+for+D… | media-coverage |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Release 2020 Golden , ≤ Release 2020 SP4
(custom)
Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom) Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom) Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom) Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom) Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5086",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T03:56:12.885164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-11",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5086"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:41.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"media-coverage"
],
"url": "https://isc.sans.edu/diary/Exploit+Attempts+for+Dassault+DELMIA+Apriso+CVE20255086/32256"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5086"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-11T00:00:00.000Z",
"value": "CVE-2025-5086 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP3",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2025 SP1",
"status": "affected",
"version": "Release 2025 Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hacktron AI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution."
}
],
"value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T06:13:48.084Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-5086",
"datePublished": "2025-06-02T17:42:42.620Z",
"dateReserved": "2025-05-22T11:43:30.702Z",
"dateUpdated": "2026-02-26T18:27:41.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3301 (GCVE-0-2024-3301)
Vulnerability from nvd – Published: 2024-05-30 15:18 – Updated: 2024-09-03 15:31
VLAI
Title
Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
Summary
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Release 2019 Golden , ≤ Release 2019 SP5
(custom)
Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom) Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom) Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom) Affected: Release 2023 Golden , ≤ Release 2023 SP2 (custom) Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom) |
|
| 3ds | delmia_apriso |
Affected:
2019 , ≤ 2024
(custom)
cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "delmia_apriso",
"vendor": "3ds",
"versions": [
{
"lessThanOrEqual": "2024",
"status": "affected",
"version": "2019",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T15:27:23.292614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:31:28.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2019 SP5",
"status": "affected",
"version": "Release 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP2",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa of Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
}
],
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:18:14.217Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2024-3301",
"datePublished": "2024-05-30T15:18:14.217Z",
"dateReserved": "2024-04-04T09:52:26.812Z",
"dateUpdated": "2024-09-03T15:31:28.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3300 (GCVE-0-2024-3300)
Vulnerability from nvd – Published: 2024-05-30 15:19 – Updated: 2024-08-01 20:05
VLAI
Title
Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
Summary
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Release 2019 Golden , ≤ Release 2019 SP5
(custom)
Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom) Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom) Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom) Affected: Release 2023 Golden , ≤ Release 2023 SP2 (custom) Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom) |
|
| 3ds | delmia_apriso |
Affected:
release_2019_golden , ≤ release_2019_sp5
(custom)
Affected: release_2020_golden , ≤ release_2020_sp4 (custom) Affected: release_2021_golden , ≤ release_2021_sp3 (custom) Affected: release_2022_golden , ≤ release_2022_sp3 (custom) Affected: release_2023_golden , ≤ release_2023_sp2 (custom) Affected: release_2024_golden , ≤ release_2024_sp1 (custom) cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "delmia_apriso",
"vendor": "3ds",
"versions": [
{
"lessThanOrEqual": "release_2019_sp5",
"status": "affected",
"version": "release_2019_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2020_sp4",
"status": "affected",
"version": "release_2020_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2021_sp3",
"status": "affected",
"version": "release_2021_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2022_sp3",
"status": "affected",
"version": "release_2022_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2023_sp2",
"status": "affected",
"version": "release_2023_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2024_sp1",
"status": "affected",
"version": "release_2024_golden",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T17:09:18.395045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:17.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2019 SP5",
"status": "affected",
"version": "Release 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP2",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa of Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
}
],
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:19:10.068Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2024-3300",
"datePublished": "2024-05-30T15:19:10.068Z",
"dateReserved": "2024-04-04T09:52:17.520Z",
"dateUpdated": "2024-08-01T20:05:08.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0935 (GCVE-0-2024-0935)
Vulnerability from nvd – Published: 2024-02-01 13:33 – Updated: 2024-08-01 18:18
VLAI
Title
Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024
Summary
Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Apriso 2019 Golden , ≤ Apriso 2019 SP5
(custom)
Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom) Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP3 (custom) Affected: Apriso 2022 Golden , ≤ Apriso 2022 SP3 (custom) Affected: Apriso 2023 Golden , ≤ Apriso 2023 SP2 (custom) Affected: Apriso 2024 Golden |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-01T16:22:28.247755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:22.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP3",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2022 SP3",
"status": "affected",
"version": "Apriso 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2023 SP2",
"status": "affected",
"version": "Apriso 2023 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2024 Golden"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T14:19:00.675Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2024-0935",
"datePublished": "2024-02-01T13:33:56.772Z",
"dateReserved": "2024-01-26T09:51:54.820Z",
"dateUpdated": "2024-08-01T18:18:18.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2141 (GCVE-0-2023-2141)
Vulnerability from nvd – Published: 2023-04-21 15:48 – Updated: 2025-02-04 20:26
VLAI
Title
Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022
Summary
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Apriso 2017 Golden , ≤ Apriso 2017 SP7
(custom)
Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom) Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom) Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom) Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP2 (custom) Affected: Apriso 2022 Golden |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:26:47.042599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:26:49.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2017 SP7",
"status": "affected",
"version": "Apriso 2017 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2018 SP4",
"status": "affected",
"version": "Apriso 2018 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP2",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2022 Golden"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\u003cbr\u003e"
}
],
"value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T15:48:39.800Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022 ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-2141",
"datePublished": "2023-04-21T15:48:39.800Z",
"dateReserved": "2023-04-18T07:52:31.574Z",
"dateUpdated": "2025-02-04T20:26:49.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2140 (GCVE-0-2023-2140)
Vulnerability from nvd – Published: 2023-04-21 15:48 – Updated: 2025-02-04 20:27
VLAI
Title
Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
Summary
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022
could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Apriso 2017 Golden , ≤ Apriso 2017 SP7
(custom)
Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom) Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom) Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom) Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP2 (custom) Affected: Apriso 2022 Golden |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:27:03.162173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:27:09.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2017 SP7",
"status": "affected",
"version": "Apriso 2017 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2018 SP4",
"status": "affected",
"version": "Apriso 2018 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP2",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2022 Golden"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServer-Side Request Forgery vulnerability\u0026nbsp;\u003c/span\u003ein DELMIA Apriso\u0026nbsp;Release 2017 through Release 2022 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 \n\ncould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664: Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T15:48:25.654Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-2140",
"datePublished": "2023-04-21T15:48:25.654Z",
"dateReserved": "2023-04-18T07:52:26.003Z",
"dateUpdated": "2025-02-04T20:27:09.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2139 (GCVE-0-2023-2139)
Vulnerability from nvd – Published: 2023-04-21 15:44 – Updated: 2025-02-04 20:27
VLAI
Title
Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
Summary
A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Apriso 2017 Golden , ≤ Apriso 2017 SP7
(custom)
Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom) Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom) Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom) Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP1 (custom) Affected: Apriso 2022 Golden |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:27:21.446658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:27:26.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2017 SP7",
"status": "affected",
"version": "Apriso 2017 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2018 SP4",
"status": "affected",
"version": "Apriso 2018 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP1",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2022 Golden"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003eA reflected Cross-site Scripting (XSS) Vulnerability in\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eDELMIA Apriso Release 2017 through Release 2022 \u003c/span\u003eallows\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ean attacker to execute arbitrary script code.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "\nA reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T15:46:00.830Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-2139",
"datePublished": "2023-04-21T15:44:51.948Z",
"dateReserved": "2023-04-18T07:52:15.175Z",
"dateUpdated": "2025-02-04T20:27:26.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6205 (GCVE-0-2025-6205)
Vulnerability from cvelistv5 – Published: 2025-08-04 09:14 – Updated: 2026-02-26 17:50Title
Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
Summary
A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
Severity
9.1 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.3ds.com/trust-center/security/securit… | |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Release 2020 Golden , ≤ Release 2020 SP4
(custom)
Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom) Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom) Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom) Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom) Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6205",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T03:56:05.200345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-28",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6205"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:03.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6205"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP3",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2025 SP1",
"status": "affected",
"version": "Release 2025 Golden",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application."
}
],
"value": "A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T09:14:42.308Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-6205",
"datePublished": "2025-08-04T09:14:42.308Z",
"dateReserved": "2025-06-17T14:03:19.819Z",
"dateUpdated": "2026-02-26T17:50:03.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6204 (GCVE-0-2025-6204)
Vulnerability from cvelistv5 – Published: 2025-08-04 09:14 – Updated: 2026-02-26 17:50Title
Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
Summary
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
Severity
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.3ds.com/trust-center/security/securit… | |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Release 2020 Golden , ≤ Release 2020 SP4
(custom)
Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom) Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom) Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom) Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom) Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6204",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T03:56:04.227128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-28",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:03.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP3",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2025 SP1",
"status": "affected",
"version": "Release 2025 Golden",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
}
],
"value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T09:14:08.343Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-6204",
"datePublished": "2025-08-04T09:14:08.343Z",
"dateReserved": "2025-06-17T14:03:08.909Z",
"dateUpdated": "2026-02-26T17:50:03.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5086 (GCVE-0-2025-5086)
Vulnerability from cvelistv5 – Published: 2025-06-02 17:42 – Updated: 2026-02-26 18:27Title
Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
Summary
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
Severity
9 (Critical)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.3ds.com/vulnerability/advisories | |
| https://isc.sans.edu/diary/Exploit+Attempts+for+D… | media-coverage |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Release 2020 Golden , ≤ Release 2020 SP4
(custom)
Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom) Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom) Affected: Release 2023 Golden , ≤ Release 2023 SP3 (custom) Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom) Affected: Release 2025 Golden , ≤ Release 2025 SP1 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5086",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T03:56:12.885164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-11",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5086"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:41.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"media-coverage"
],
"url": "https://isc.sans.edu/diary/Exploit+Attempts+for+Dassault+DELMIA+Apriso+CVE20255086/32256"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5086"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-11T00:00:00.000Z",
"value": "CVE-2025-5086 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP3",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2025 SP1",
"status": "affected",
"version": "Release 2025 Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hacktron AI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution."
}
],
"value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T06:13:48.084Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-5086",
"datePublished": "2025-06-02T17:42:42.620Z",
"dateReserved": "2025-05-22T11:43:30.702Z",
"dateUpdated": "2026-02-26T18:27:41.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3300 (GCVE-0-2024-3300)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:19 – Updated: 2024-08-01 20:05
VLAI
Title
Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
Summary
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Release 2019 Golden , ≤ Release 2019 SP5
(custom)
Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom) Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom) Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom) Affected: Release 2023 Golden , ≤ Release 2023 SP2 (custom) Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom) |
|
| 3ds | delmia_apriso |
Affected:
release_2019_golden , ≤ release_2019_sp5
(custom)
Affected: release_2020_golden , ≤ release_2020_sp4 (custom) Affected: release_2021_golden , ≤ release_2021_sp3 (custom) Affected: release_2022_golden , ≤ release_2022_sp3 (custom) Affected: release_2023_golden , ≤ release_2023_sp2 (custom) Affected: release_2024_golden , ≤ release_2024_sp1 (custom) cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "delmia_apriso",
"vendor": "3ds",
"versions": [
{
"lessThanOrEqual": "release_2019_sp5",
"status": "affected",
"version": "release_2019_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2020_sp4",
"status": "affected",
"version": "release_2020_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2021_sp3",
"status": "affected",
"version": "release_2021_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2022_sp3",
"status": "affected",
"version": "release_2022_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2023_sp2",
"status": "affected",
"version": "release_2023_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2024_sp1",
"status": "affected",
"version": "release_2024_golden",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T17:09:18.395045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:17.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2019 SP5",
"status": "affected",
"version": "Release 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP2",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa of Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
}
],
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:19:10.068Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2024-3300",
"datePublished": "2024-05-30T15:19:10.068Z",
"dateReserved": "2024-04-04T09:52:17.520Z",
"dateUpdated": "2024-08-01T20:05:08.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3301 (GCVE-0-2024-3301)
Vulnerability from cvelistv5 – Published: 2024-05-30 15:18 – Updated: 2024-09-03 15:31
VLAI
Title
Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
Summary
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Release 2019 Golden , ≤ Release 2019 SP5
(custom)
Affected: Release 2020 Golden , ≤ Release 2020 SP4 (custom) Affected: Release 2021 Golden , ≤ Release 2021 SP3 (custom) Affected: Release 2022 Golden , ≤ Release 2022 SP3 (custom) Affected: Release 2023 Golden , ≤ Release 2023 SP2 (custom) Affected: Release 2024 Golden , ≤ Release 2024 SP1 (custom) |
|
| 3ds | delmia_apriso |
Affected:
2019 , ≤ 2024
(custom)
cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "delmia_apriso",
"vendor": "3ds",
"versions": [
{
"lessThanOrEqual": "2024",
"status": "affected",
"version": "2019",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T15:27:23.292614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:31:28.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2019 SP5",
"status": "affected",
"version": "Release 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP2",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa of Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
}
],
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:18:14.217Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2024-3301",
"datePublished": "2024-05-30T15:18:14.217Z",
"dateReserved": "2024-04-04T09:52:26.812Z",
"dateUpdated": "2024-09-03T15:31:28.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0935 (GCVE-0-2024-0935)
Vulnerability from cvelistv5 – Published: 2024-02-01 13:33 – Updated: 2024-08-01 18:18
VLAI
Title
Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024
Summary
Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Apriso 2019 Golden , ≤ Apriso 2019 SP5
(custom)
Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom) Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP3 (custom) Affected: Apriso 2022 Golden , ≤ Apriso 2022 SP3 (custom) Affected: Apriso 2023 Golden , ≤ Apriso 2023 SP2 (custom) Affected: Apriso 2024 Golden |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-01T16:22:28.247755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:22.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP3",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2022 SP3",
"status": "affected",
"version": "Apriso 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2023 SP2",
"status": "affected",
"version": "Apriso 2023 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2024 Golden"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T14:19:00.675Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2024-0935",
"datePublished": "2024-02-01T13:33:56.772Z",
"dateReserved": "2024-01-26T09:51:54.820Z",
"dateUpdated": "2024-08-01T18:18:18.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2141 (GCVE-0-2023-2141)
Vulnerability from cvelistv5 – Published: 2023-04-21 15:48 – Updated: 2025-02-04 20:26
VLAI
Title
Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022
Summary
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Apriso 2017 Golden , ≤ Apriso 2017 SP7
(custom)
Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom) Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom) Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom) Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP2 (custom) Affected: Apriso 2022 Golden |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:26:47.042599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:26:49.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2017 SP7",
"status": "affected",
"version": "Apriso 2017 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2018 SP4",
"status": "affected",
"version": "Apriso 2018 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP2",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2022 Golden"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\u003cbr\u003e"
}
],
"value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T15:48:39.800Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022 ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-2141",
"datePublished": "2023-04-21T15:48:39.800Z",
"dateReserved": "2023-04-18T07:52:31.574Z",
"dateUpdated": "2025-02-04T20:26:49.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2140 (GCVE-0-2023-2140)
Vulnerability from cvelistv5 – Published: 2023-04-21 15:48 – Updated: 2025-02-04 20:27
VLAI
Title
Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
Summary
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022
could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Apriso 2017 Golden , ≤ Apriso 2017 SP7
(custom)
Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom) Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom) Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom) Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP2 (custom) Affected: Apriso 2022 Golden |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:27:03.162173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:27:09.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2017 SP7",
"status": "affected",
"version": "Apriso 2017 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2018 SP4",
"status": "affected",
"version": "Apriso 2018 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP2",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2022 Golden"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServer-Side Request Forgery vulnerability\u0026nbsp;\u003c/span\u003ein DELMIA Apriso\u0026nbsp;Release 2017 through Release 2022 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 \n\ncould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664: Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T15:48:25.654Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-2140",
"datePublished": "2023-04-21T15:48:25.654Z",
"dateReserved": "2023-04-18T07:52:26.003Z",
"dateUpdated": "2025-02-04T20:27:09.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2139 (GCVE-0-2023-2139)
Vulnerability from cvelistv5 – Published: 2023-04-21 15:44 – Updated: 2025-02-04 20:27
VLAI
Title
Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
Summary
A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
Affected:
Apriso 2017 Golden , ≤ Apriso 2017 SP7
(custom)
Affected: Apriso 2018 Golden , ≤ Apriso 2018 SP4 (custom) Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom) Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom) Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP1 (custom) Affected: Apriso 2022 Golden |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:27:21.446658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:27:26.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2017 SP7",
"status": "affected",
"version": "Apriso 2017 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2018 SP4",
"status": "affected",
"version": "Apriso 2018 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP1",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2022 Golden"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003eA reflected Cross-site Scripting (XSS) Vulnerability in\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eDELMIA Apriso Release 2017 through Release 2022 \u003c/span\u003eallows\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ean attacker to execute arbitrary script code.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "\nA reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T15:46:00.830Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-2139",
"datePublished": "2023-04-21T15:44:51.948Z",
"dateReserved": "2023-04-18T07:52:15.175Z",
"dateUpdated": "2025-02-04T20:27:26.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}