Lucene search

3DSCVE-2023-5599

HistoryNov 21, 2023 - 10:15 a.m.

CVE-2023-5599

2023-11-2110:15:08

CWE-79

3DS

web.nvd.nist.gov

cve-2023-5599

stored xss

3ddashboard

3dswymer

3dexperience r2022x

3dexperience r2023x

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.0%

JSON

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.

Affected configurations

Nvd

Node

dassault3dswymer_3dexperience_2022Matchfp.cfa.2337

dassault3dswymer_3dexperience_2023Matchfp.cfa.2333

VendorProductVersionCPE
dassault3dswymer_3dexperience_2022fp.cfa.2337cpe:2.3:a:dassault:3dswymer_3dexperience_2022:fp.cfa.2337:*:*:*:*:*:*:*
dassault3dswymer_3dexperience_2023fp.cfa.2333cpe:2.3:a:dassault:3dswymer_3dexperience_2023:fp.cfa.2333:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dassault	3dswymer_3dexperience_2022	fp.cfa.2337	cpe:2.3:a:dassault:3dswymer_3dexperience_2022:fp.cfa.2337:::::::*
dassault	3dswymer_3dexperience_2023	fp.cfa.2333	cpe:2.3:a:dassault:3dswymer_3dexperience_2023:fp.cfa.2333:::::::*

CNA Affected

[
  {
    "vendor": "Dassault Systèmes",
    "product": "3DSwymer",
    "versions": [
      {
        "status": "affected",
        "version": "Release 3DEXPERIENCE R2022x Golden",
        "lessThanOrEqual": "Release 3DEXPERIENCE R2022x.FP.CFA.2337",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "Release 3DEXPERIENCE R2023x Golden",
        "lessThanOrEqual": "Release 3DEXPERIENCE R2023x FP.CFA.2333",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.3ds.com/vulnerability/advisories