Search criteria
6 vulnerabilities found for Teamwork Cloud - Business Pro Edition by Dassault Systèmes
CVE-2026-7858 (GCVE-0-2026-7858)
Vulnerability from nvd – Published: 2026-06-01 07:45 – Updated: 2026-06-01 13:10
VLAI
Title
Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x
Summary
A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | Teamwork Cloud - Standard Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Business Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Business Pro Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Enterprise Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Magic Collaboration Studio |
Affected:
CATIA Magic Release 2022x Golden , ≤ CATIA Magic Release 2022x Refresh2 HF3
(custom)
Affected: CATIA Magic Release 2024x Golden , ≤ CATIA Magic Release 2024x Refresh3 HF1 (custom) Affected: CATIA Magic Release 2026x Golden , ≤ CATIA Magic Release 2026x Golden HF2 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T13:10:19.818378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:10:31.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Standard Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Pro Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Enterprise Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Magic Collaboration Studio",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "CATIA Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "CATIA Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "CATIA Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "CATIA Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "CATIA Magic Release 2026x Golden HF2",
"status": "affected",
"version": "CATIA Magic Release 2026x Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tyler Harkness"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution."
}
],
"value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T07:45:34.201Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-7858"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2026-7858",
"datePublished": "2026-06-01T07:45:34.201Z",
"dateReserved": "2026-05-05T11:42:41.151Z",
"dateUpdated": "2026-06-01T13:10:31.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3589 (GCVE-0-2023-3589)
Vulnerability from nvd – Published: 2023-10-09 08:54 – Updated: 2024-09-19 14:58
VLAI
Title
Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
Summary
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | Teamwork Cloud - Business Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Enterprise Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Business Pro Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Standard Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| dassult | teamwork_cloud_business_edition |
Affected:
no_magic_release_2021x_golden , ≤ no_magic_release_2021X_refresh2
(custom)
Affected: no_magic_release_2022x_golden , ≤ no_magic_release_2022x_refresh2 (custom) cpe:2.3:a:dassult:teamwork_cloud_business_edition:*:*:*:*:*:*:*:* |
|
| dassult | teamwork_cloud_business_pro_edition |
Affected:
no_magic_release_2021x_golden , ≤ no_magic_release_2021x_refresh2
(custom)
Affected: no_magic_release_2022x_golden , ≤ no_magic_release2022x_refresh2 (custom) cpe:2.3:a:dassult:teamwork_cloud_business_pro_edition:*:*:*:*:*:*:*:* |
|
| dassault | teamwork_cloud_standard_edition |
Affected:
no_magic_release_2021x_golden , ≤ no_magic_release_2021x_refresh2
(custom)
Affected: no_magic_release_2022x_golden , ≤ no_magic_release_2022x_refresh2 (custom) cpe:2.3:a:dassault:teamwork_cloud_standard_edition:*:*:*:*:*:*:*:* |
|
| dassault | teamwork_cloud_enterprise_edition |
Affected:
no_magic_release_2021x_golden , ≤ no_magic_release_2021_refresh2
(custom)
Affected: no_magic_release_2022x_golden , ≤ no_magic_release_2022_refresh2 (custom) cpe:2.3:a:dassault:teamwork_cloud_enterprise_edition:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dassult:teamwork_cloud_business_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teamwork_cloud_business_edition",
"vendor": "dassult",
"versions": [
{
"lessThanOrEqual": "no_magic_release_2021X_refresh2",
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "no_magic_release_2022x_refresh2",
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:dassult:teamwork_cloud_business_pro_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teamwork_cloud_business_pro_edition",
"vendor": "dassult",
"versions": [
{
"lessThanOrEqual": "no_magic_release_2021x_refresh2",
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "no_magic_release2022x_refresh2",
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:dassault:teamwork_cloud_standard_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teamwork_cloud_standard_edition",
"vendor": "dassault",
"versions": [
{
"lessThanOrEqual": "no_magic_release_2021x_refresh2",
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "no_magic_release_2022x_refresh2",
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:dassault:teamwork_cloud_enterprise_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teamwork_cloud_enterprise_edition",
"vendor": "dassault",
"versions": [
{
"lessThanOrEqual": "no_magic_release_2021_refresh2",
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "no_magic_release_2022_refresh2",
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:28:44.230042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:58:42.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Enterprise Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Pro Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Standard Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Johannes R\u00fcckert from mgm security partners GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server."
}
],
"value": "A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T09:15:26.671Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-3589",
"datePublished": "2023-10-09T08:54:08.100Z",
"dateReserved": "2023-07-10T14:22:56.221Z",
"dateUpdated": "2024-09-19T14:58:42.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3588 (GCVE-0-2023-3588)
Vulnerability from nvd – Published: 2023-09-13 18:22 – Updated: 2024-08-02 07:01
VLAI
Title
Stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
Summary
A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | Teamwork Cloud - Business Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Enterprise Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Business Pro Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Standard Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:38:50.525810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T18:39:04.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Enterprise Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Pro Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Standard Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Johannes R\u00fcckert from mgm security partners GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code."
}
],
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-3588",
"datePublished": "2023-09-13T18:22:11.313Z",
"dateReserved": "2023-07-10T14:22:49.873Z",
"dateUpdated": "2024-08-02T07:01:57.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-7858 (GCVE-0-2026-7858)
Vulnerability from cvelistv5 – Published: 2026-06-01 07:45 – Updated: 2026-06-01 13:10
VLAI
Title
Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x
Summary
A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | Teamwork Cloud - Standard Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Business Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Business Pro Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Enterprise Edition |
Affected:
No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 HF3
(custom)
Affected: No Magic Release 2024x Golden , ≤ No Magic Release 2024x Refresh3 HF1 (custom) Affected: No Magic Release 2026x Golden , ≤ No Magic Release 2026x Golden HF2 (custom) |
|
| Dassault Systèmes | Magic Collaboration Studio |
Affected:
CATIA Magic Release 2022x Golden , ≤ CATIA Magic Release 2022x Refresh2 HF3
(custom)
Affected: CATIA Magic Release 2024x Golden , ≤ CATIA Magic Release 2024x Refresh3 HF1 (custom) Affected: CATIA Magic Release 2026x Golden , ≤ CATIA Magic Release 2026x Golden HF2 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T13:10:19.818378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:10:31.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Standard Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Pro Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Enterprise Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "No Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2026x Golden HF2",
"status": "affected",
"version": "No Magic Release 2026x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Magic Collaboration Studio",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "CATIA Magic Release 2022x Refresh2 HF3",
"status": "affected",
"version": "CATIA Magic Release 2022x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "CATIA Magic Release 2024x Refresh3 HF1",
"status": "affected",
"version": "CATIA Magic Release 2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "CATIA Magic Release 2026x Golden HF2",
"status": "affected",
"version": "CATIA Magic Release 2026x Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tyler Harkness"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution."
}
],
"value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T07:45:34.201Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-7858"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2026-7858",
"datePublished": "2026-06-01T07:45:34.201Z",
"dateReserved": "2026-05-05T11:42:41.151Z",
"dateUpdated": "2026-06-01T13:10:31.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-3589 (GCVE-0-2023-3589)
Vulnerability from cvelistv5 – Published: 2023-10-09 08:54 – Updated: 2024-09-19 14:58
VLAI
Title
Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
Summary
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | Teamwork Cloud - Business Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Enterprise Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Business Pro Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Standard Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| dassult | teamwork_cloud_business_edition |
Affected:
no_magic_release_2021x_golden , ≤ no_magic_release_2021X_refresh2
(custom)
Affected: no_magic_release_2022x_golden , ≤ no_magic_release_2022x_refresh2 (custom) cpe:2.3:a:dassult:teamwork_cloud_business_edition:*:*:*:*:*:*:*:* |
|
| dassult | teamwork_cloud_business_pro_edition |
Affected:
no_magic_release_2021x_golden , ≤ no_magic_release_2021x_refresh2
(custom)
Affected: no_magic_release_2022x_golden , ≤ no_magic_release2022x_refresh2 (custom) cpe:2.3:a:dassult:teamwork_cloud_business_pro_edition:*:*:*:*:*:*:*:* |
|
| dassault | teamwork_cloud_standard_edition |
Affected:
no_magic_release_2021x_golden , ≤ no_magic_release_2021x_refresh2
(custom)
Affected: no_magic_release_2022x_golden , ≤ no_magic_release_2022x_refresh2 (custom) cpe:2.3:a:dassault:teamwork_cloud_standard_edition:*:*:*:*:*:*:*:* |
|
| dassault | teamwork_cloud_enterprise_edition |
Affected:
no_magic_release_2021x_golden , ≤ no_magic_release_2021_refresh2
(custom)
Affected: no_magic_release_2022x_golden , ≤ no_magic_release_2022_refresh2 (custom) cpe:2.3:a:dassault:teamwork_cloud_enterprise_edition:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dassult:teamwork_cloud_business_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teamwork_cloud_business_edition",
"vendor": "dassult",
"versions": [
{
"lessThanOrEqual": "no_magic_release_2021X_refresh2",
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "no_magic_release_2022x_refresh2",
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:dassult:teamwork_cloud_business_pro_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teamwork_cloud_business_pro_edition",
"vendor": "dassult",
"versions": [
{
"lessThanOrEqual": "no_magic_release_2021x_refresh2",
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "no_magic_release2022x_refresh2",
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:dassault:teamwork_cloud_standard_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teamwork_cloud_standard_edition",
"vendor": "dassault",
"versions": [
{
"lessThanOrEqual": "no_magic_release_2021x_refresh2",
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "no_magic_release_2022x_refresh2",
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:dassault:teamwork_cloud_enterprise_edition:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teamwork_cloud_enterprise_edition",
"vendor": "dassault",
"versions": [
{
"lessThanOrEqual": "no_magic_release_2021_refresh2",
"status": "affected",
"version": "no_magic_release_2021x_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "no_magic_release_2022_refresh2",
"status": "affected",
"version": "no_magic_release_2022x_golden",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:28:44.230042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:58:42.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Enterprise Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Pro Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Standard Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Johannes R\u00fcckert from mgm security partners GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server."
}
],
"value": "A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T09:15:26.671Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-3589",
"datePublished": "2023-10-09T08:54:08.100Z",
"dateReserved": "2023-07-10T14:22:56.221Z",
"dateUpdated": "2024-09-19T14:58:42.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3588 (GCVE-0-2023-3588)
Vulnerability from cvelistv5 – Published: 2023-09-13 18:22 – Updated: 2024-08-02 07:01
VLAI
Title
Stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
Summary
A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dassault Systèmes | Teamwork Cloud - Business Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Enterprise Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Business Pro Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
|
| Dassault Systèmes | Teamwork Cloud - Standard Edition |
Affected:
No Magic Release 2021x Golden , ≤ No Magic Release 2021x Refresh2
(custom)
Affected: No Magic Release 2022x Golden , ≤ No Magic Release 2022x Refresh2 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:38:50.525810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T18:39:04.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Enterprise Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Business Pro Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Teamwork Cloud - Standard Edition",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "No Magic Release 2021x Refresh2",
"status": "affected",
"version": "No Magic Release 2021x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "No Magic Release 2022x Refresh2",
"status": "affected",
"version": "No Magic Release 2022x Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Johannes R\u00fcckert from mgm security partners GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code."
}
],
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-3588",
"datePublished": "2023-09-13T18:22:11.313Z",
"dateReserved": "2023-07-10T14:22:49.873Z",
"dateUpdated": "2024-08-02T07:01:57.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}