Lucene search
3DSCVELIST:CVE-2024-3301HistoryMay 30, 2024 - 3:18 p.m.
CVE-2024-3301 Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
2024-05-3015:18:14
CWE-502
3DS
www.cve.org
cve-2024-3301
unsafe object deserialization
remote code execution
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.
CNA Affected
[
{
"vendor": "Dassault Systèmes",
"product": "DELMIA Apriso",
"versions": [
{
"status": "affected",
"version": "Release 2019 Golden",
"lessThanOrEqual": "Release 2019 SP5",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 2020 Golden",
"lessThanOrEqual": "Release 2020 SP4",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 2021 Golden",
"lessThanOrEqual": "Release 2021 SP3",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 2022 Golden",
"lessThanOrEqual": "Release 2022 SP3",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 2023 Golden",
"lessThanOrEqual": "Release 2023 SP2",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 2024 Golden",
"lessThanOrEqual": "Release 2024 SP1",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]References
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
Related for CVELIST:CVE-2024-3301