Lucene search
3DSCVE-2024-6379HistoryAug 20, 2024 - 2:15 p.m.
CVE-2024-6379
2024-08-2014:15:10
CWE-79
3DS
web.nvd.nist.gov
24
url redirection
3dpassport
3dswymer
3dexperience r2022x
3dexperience r2024x
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
17.7%
A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in userβs browser session.
Affected configurations
Node
3ds3dexperienceRanger2022xβr2024x
| Vendor | Product | Version | CPE |
|---|---|---|---|
| 3ds | 3dexperience | * | cpe:2.3:o:3ds:3dexperience:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Dassault Systèmes",
"product": "3DSwymer",
"versions": [
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2022x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2022x.FP.CFA.2424",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2023x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2419",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2024x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2424",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]References
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
17.7%
Related for CVE-2024-6379