Lucene search

3DSCVELIST:CVE-2023-3589

HistoryOct 09, 2023 - 8:54 a.m.

CVE-2023-3589 Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x

2023-10-0908:54:08

CWE-352

3DS

www.cve.org

cross-site request forgery

teamwork cloud

no magic release 2021x

no magic release 2022x

vulnerability

server query

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

24.1%

JSON

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.

CNA Affected

[
  {
    "vendor": "Dassault Systèmes",
    "product": "Teamwork Cloud - Business Edition",
    "versions": [
      {
        "status": "affected",
        "version": "No Magic Release 2021x Golden",
        "lessThanOrEqual": "No Magic Release 2021x Refresh2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "No Magic Release 2022x Golden",
        "lessThanOrEqual": "No Magic Release 2022x Refresh2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Dassault Systèmes",
    "product": "Teamwork Cloud - Enterprise Edition",
    "versions": [
      {
        "status": "affected",
        "version": "No Magic Release 2021x Golden",
        "lessThanOrEqual": "No Magic Release 2021x Refresh2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "No Magic Release 2022x Golden",
        "lessThanOrEqual": "No Magic Release 2022x Refresh2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Dassault Systèmes",
    "product": "Teamwork Cloud - Business Pro Edition",
    "versions": [
      {
        "status": "affected",
        "version": "No Magic Release 2021x Golden",
        "lessThanOrEqual": "No Magic Release 2021x Refresh2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "No Magic Release 2022x Golden",
        "lessThanOrEqual": "No Magic Release 2022x Refresh2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Dassault Systèmes",
    "product": "Teamwork Cloud - Standard Edition",
    "versions": [
      {
        "status": "affected",
        "version": "No Magic Release 2021x Golden",
        "lessThanOrEqual": "No Magic Release 2021x Refresh2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "No Magic Release 2022x Golden",
        "lessThanOrEqual": "No Magic Release 2022x Refresh2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.3ds.com/vulnerability/advisories

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

24.1%

JSON

Related for CVELIST:CVE-2023-3589