3DSCVE-2024-6378CVE-2024-6378
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
14.7%
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in userβs browser session.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| 3ds | 3dexperience | * | cpe:2.3:o:3ds:3dexperience:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Dassault Systèmes",
"product": "ENOVIA Collaborative Industry Innovator",
"versions": [
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2022x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2022x.FP.CFA.2424",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2023x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2419",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2024x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2424",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]References
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
14.7%