3DSCVELIST:CVE-2023-1997CVE-2023-1997 OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.2%
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.
CNA Affected
[
{
"vendor": "Dassault Systèmes",
"product": "SIMULIA 3DOrchestrate",
"versions": [
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2021x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2021x.FP.CFA.2306",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2022x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2022x FP.CFA.2310",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2023x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2314",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]References
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.2%