CVE-2023-2141 - OpenCVE

An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
3ds	Delmia Apriso

Configuration 1 [-]

cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.3ds.com/vulnerability/advisories	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: 3DS

Published: 2023-04-21T15:48:39.800Z

Updated: 2023-04-21T15:48:39.800Z

Reserved: 2023-04-18T07:52:31.574Z

Link: CVE-2023-2141

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-04-21T16:15:07.443

Modified: 2023-05-09T01:01:22.827

Link: CVE-2023-2141

JSON object: View

Redhat Information

No data.

CWE

CWE-502

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-2141", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2023-04-18T07:52:31.574Z", "datePublished": "2023-04-21T15:48:39.800Z", "dateUpdated": "2023-04-21T15:48:39.800Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2023-04-21T15:48:39.800Z"}, "title": "Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022 ", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-586", "descriptions": [{"lang": "en", "value": "CAPEC-586 Object Injection"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "DELMIA Apriso", "versions": [{"status": "affected", "version": "Apriso 2017 Golden", "lessThanOrEqual": "Apriso 2017 SP7", "versionType": "custom"}, {"status": "affected", "version": "Apriso 2018 Golden", "lessThanOrEqual": "Apriso 2018 SP4", "versionType": "custom"}, {"status": "affected", "version": "Apriso 2019 Golden", "lessThanOrEqual": "Apriso 2019 SP5", "versionType": "custom"}, {"status": "affected", "version": "Apriso 2020 Golden", "lessThanOrEqual": "Apriso 2020 SP4", "versionType": "custom"}, {"status": "affected", "version": "Apriso 2021 Golden", "lessThanOrEqual": "Apriso 2021 SP2", "versionType": "custom"}, {"status": "affected", "version": "Apriso 2022 Golden"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\n", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.<br>"}]}], "references": [{"url": "https://www.3ds.com/vulnerability/advisories"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}