CVE-2024-0935 (GCVE-0-2024-0935)

Vulnerability from cvelistv5 – Published: 2024-02-01 13:33 – Updated: 2024-08-01 18:18
VLAI?
Title
Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024
Summary
Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024
Severity ?
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
3DS
References
Impacted products
Vendor Product Version
Dassault Systèmes DELMIA Apriso Affected: Apriso 2019 Golden , ≤ Apriso 2019 SP5 (custom)
Affected: Apriso 2020 Golden , ≤ Apriso 2020 SP4 (custom)
Affected: Apriso 2021 Golden , ≤ Apriso 2021 SP3 (custom)
Affected: Apriso 2022 Golden , ≤ Apriso 2022 SP3 (custom)
Affected: Apriso 2023 Golden , ≤ Apriso 2023 SP2 (custom)
Affected: Apriso 2024 Golden
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-01T16:22:28.247755Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:22.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:18:18.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.3ds.com/vulnerability/advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DELMIA Apriso",
          "vendor": "Dassault Syst\u00e8mes",
          "versions": [
            {
              "lessThanOrEqual": "Apriso 2019 SP5",
              "status": "affected",
              "version": "Apriso 2019 Golden",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Apriso 2020 SP4",
              "status": "affected",
              "version": "Apriso 2020 Golden",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Apriso 2021 SP3",
              "status": "affected",
              "version": "Apriso 2021 Golden",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Apriso 2022 SP3",
              "status": "affected",
              "version": "Apriso 2022 Golden",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Apriso 2023 SP2",
              "status": "affected",
              "version": "Apriso 2023 Golden",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "Apriso 2024 Golden"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
            }
          ],
          "value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-09T14:19:00.675Z",
        "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "shortName": "3DS"
      },
      "references": [
        {
          "url": "https://www.3ds.com/vulnerability/advisories"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
    "assignerShortName": "3DS",
    "cveId": "CVE-2024-0935",
    "datePublished": "2024-02-01T13:33:56.772Z",
    "dateReserved": "2024-01-26T09:51:54.820Z",
    "dateUpdated": "2024-08-01T18:18:18.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-0935\",\"sourceIdentifier\":\"3DS.Information-Security@3ds.com\",\"published\":\"2024-02-01T14:15:56.040\",\"lastModified\":\"2024-11-21T08:47:47.643\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro est\u00e1 afectando a DELMIA Apriso desde la versi\u00f3n 2019 hasta la versi\u00f3n 2024\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"3DS.Information-Security@3ds.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"3DS.Information-Security@3ds.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019\",\"versionEndIncluding\":\"2024\",\"matchCriteriaId\":\"2519F764-CF85-4E0F-BE9E-B31257A83DE8\"}]}]}],\"references\":[{\"url\":\"https://www.3ds.com/vulnerability/advisories\",\"source\":\"3DS.Information-Security@3ds.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.3ds.com/vulnerability/advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.3ds.com/vulnerability/advisories\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:18:18.981Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0935\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-01T16:22:28.247755Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:38.647Z\"}}], \"cna\": {\"title\": \"Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-37 Retrieve Embedded Sensitive Data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Dassault Syst\\u00e8mes\", \"product\": \"DELMIA Apriso\", \"versions\": [{\"status\": \"affected\", \"version\": \"Apriso 2019 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Apriso 2019 SP5\"}, {\"status\": \"affected\", \"version\": \"Apriso 2020 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Apriso 2020 SP4\"}, {\"status\": \"affected\", \"version\": \"Apriso 2021 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Apriso 2021 SP3\"}, {\"status\": \"affected\", \"version\": \"Apriso 2022 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Apriso 2022 SP3\"}, {\"status\": \"affected\", \"version\": \"Apriso 2023 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Apriso 2023 SP2\"}, {\"status\": \"affected\", \"version\": \"Apriso 2024 Golden\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.3ds.com/vulnerability/advisories\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"CWE-532 Insertion of Sensitive Information into Log File\"}]}], \"providerMetadata\": {\"orgId\": \"f5a594e6-46a7-4e60-8a08-0a786e70e433\", \"shortName\": \"3DS\", \"dateUpdated\": \"2024-02-09T14:19:00.675Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-0935\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T18:18:18.981Z\", \"dateReserved\": \"2024-01-26T09:51:54.820Z\", \"assignerOrgId\": \"f5a594e6-46a7-4e60-8a08-0a786e70e433\", \"datePublished\": \"2024-02-01T13:33:56.772Z\", \"assignerShortName\": \"3DS\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.