Lucene search
HistoryMay 30, 2024 - 4:15 p.m.
CVE-2024-3301
delmia apriso
.net
deserialization
vulnerability
remote code execution
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.
CNA Affected
[
{
"vendor": "Dassault Systèmes",
"product": "DELMIA Apriso",
"versions": [
{
"status": "affected",
"version": "Release 2019 Golden",
"lessThanOrEqual": "Release 2019 SP5",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 2020 Golden",
"lessThanOrEqual": "Release 2020 SP4",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 2021 Golden",
"lessThanOrEqual": "Release 2021 SP3",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 2022 Golden",
"lessThanOrEqual": "Release 2022 SP3",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 2023 Golden",
"lessThanOrEqual": "Release 2023 SP2",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 2024 Golden",
"lessThanOrEqual": "Release 2024 SP1",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]References
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%
Related for CVE-2024-3301