Lucene search

3DSCVE-2024-7939

HistorySep 02, 2024 - 12:15 p.m.

CVE-2024-7939

2024-09-0212:15:20

CWE-79

3DS

web.nvd.nist.gov

stored cross-site scripting

3dswym

3dexperience r2024x

arbitrary script code

browser session

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

14.7%

JSON

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session.

Affected configurations

Nvd

Node

3ds3dexperienceMatchr2024x

VendorProductVersionCPE
3ds3dexperiencer2024xcpe:2.3:a:3ds:3dexperience:r2024x:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
3ds	3dexperience	r2024x	cpe:2.3:a:3ds:3dexperience:r2024x:::::::*

CNA Affected

[
  {
    "vendor": "Dassault Systèmes",
    "product": "3DSwymer",
    "versions": [
      {
        "status": "affected",
        "version": "Release 3DEXPERIENCE R2024x Golden",
        "lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2405",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.3ds.com/vulnerability/advisories

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

14.7%

JSON

Related for CVE-2024-7939