Lucene search

3DSVULNRICHMENT:CVE-2023-3589

HistoryOct 09, 2023 - 8:54 a.m.

CVE-2023-3589 Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x

2023-10-0908:54:08

CWE-352

3DS

github.com

cve-2023-3589

no magic release 2021x

no magic release 2022x

teamwork cloud

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dassult:teamwork_cloud_business_edition:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dassult",
    "product": "teamwork_cloud_business_edition",
    "versions": [
      {
        "status": "affected",
        "version": "no_magic_release_2021x_golden",
        "versionType": "custom",
        "lessThanOrEqual": "no_magic_release_2021X_refresh2"
      },
      {
        "status": "affected",
        "version": "no_magic_release_2022x_golden",
        "versionType": "custom",
        "lessThanOrEqual": "no_magic_release_2022x_refresh2"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:dassult:teamwork_cloud_business_pro_edition:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dassult",
    "product": "teamwork_cloud_business_pro_edition",
    "versions": [
      {
        "status": "affected",
        "version": "no_magic_release_2021x_golden",
        "versionType": "custom",
        "lessThanOrEqual": "no_magic_release_2021x_refresh2"
      },
      {
        "status": "affected",
        "version": "no_magic_release_2022x_golden",
        "versionType": "custom",
        "lessThanOrEqual": "no_magic_release2022x_refresh2"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:dassault:teamwork_cloud_standard_edition:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dassault",
    "product": "teamwork_cloud_standard_edition",
    "versions": [
      {
        "status": "affected",
        "version": "no_magic_release_2021x_golden",
        "versionType": "custom",
        "lessThanOrEqual": "no_magic_release_2021x_refresh2"
      },
      {
        "status": "affected",
        "version": "no_magic_release_2022x_golden",
        "versionType": "custom",
        "lessThanOrEqual": "no_magic_release_2022x_refresh2"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:dassault:teamwork_cloud_enterprise_edition:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dassault",
    "product": "teamwork_cloud_enterprise_edition",
    "versions": [
      {
        "status": "affected",
        "version": "no_magic_release_2021x_golden",
        "versionType": "custom",
        "lessThanOrEqual": "no_magic_release_2021_refresh2"
      },
      {
        "status": "affected",
        "version": "no_magic_release_2022x_golden",
        "versionType": "custom",
        "lessThanOrEqual": "no_magic_release_2022_refresh2"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.3ds.com/vulnerability/advisories

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-3589