Lucene search

3DSVULNRICHMENT:CVE-2024-7932

HistorySep 02, 2024 - 11:48 a.m.

CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x

2024-09-0211:48:47

CWE-79

3DS

github.com

cve-2024-7932

stored cross-site scripting

3ddashboard

3dswymer

3dexperience r2024x

arbitrary script code

user's browser session

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dassault:3dswymer_3dexperience_2024:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dassault",
    "product": "3dswymer_3dexperience_2024",
    "versions": [
      {
        "status": "affected",
        "version": "R2024x Golden",
        "versionType": "custom",
        "lessThanOrEqual": "R2024x.FP.CFA.240"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.3ds.com/vulnerability/advisories

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-7932