All the vulnerabilites related to Dassault Systèmes - DELMIA Apriso
cve-2023-2139
Vulnerability from cvelistv5
Published
2023-04-21 15:44
Modified
2025-02-04 20:27
Severity ?
EPSS score ?
Summary
Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:27:21.446658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:27:26.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2017 SP7",
"status": "affected",
"version": "Apriso 2017 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2018 SP4",
"status": "affected",
"version": "Apriso 2018 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP1",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2022 Golden"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003eA reflected Cross-site Scripting (XSS) Vulnerability in\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eDELMIA Apriso Release 2017 through Release 2022 \u003c/span\u003eallows\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ean attacker to execute arbitrary script code.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "\nA reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T15:46:00.830Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-2139",
"datePublished": "2023-04-21T15:44:51.948Z",
"dateReserved": "2023-04-18T07:52:15.175Z",
"dateUpdated": "2025-02-04T20:27:26.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0935
Vulnerability from cvelistv5
Published
2024-02-01 13:33
Modified
2024-08-01 18:18
Severity ?
EPSS score ?
Summary
Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-01T16:22:28.247755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:22.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP3",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2022 SP3",
"status": "affected",
"version": "Apriso 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2023 SP2",
"status": "affected",
"version": "Apriso 2023 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2024 Golden"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T14:19:00.675Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insertion of Sensitive Information into Log File vulnerabilities affecting DELMIA Apriso Release 2019 through Release 2024",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2024-0935",
"datePublished": "2024-02-01T13:33:56.772Z",
"dateReserved": "2024-01-26T09:51:54.820Z",
"dateUpdated": "2024-08-01T18:18:18.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-6205
Vulnerability from cvelistv5
Published
2025-08-04 09:14
Modified
2025-08-04 15:34
Severity ?
EPSS score ?
Summary
Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T15:02:52.103703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T15:34:42.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP3",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2025 SP1",
"status": "affected",
"version": "Release 2025 Golden",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application."
}
],
"value": "A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T09:14:42.308Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-6205",
"datePublished": "2025-08-04T09:14:42.308Z",
"dateReserved": "2025-06-17T14:03:19.819Z",
"dateUpdated": "2025-08-04T15:34:42.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-3300
Vulnerability from cvelistv5
Published
2024-05-30 15:19
Modified
2024-08-01 20:05
Severity ?
EPSS score ?
Summary
Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "delmia_apriso",
"vendor": "3ds",
"versions": [
{
"lessThanOrEqual": "release_2019_sp5",
"status": "affected",
"version": "release_2019_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2020_sp4",
"status": "affected",
"version": "release_2020_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2021_sp3",
"status": "affected",
"version": "release_2021_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2022_sp3",
"status": "affected",
"version": "release_2022_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2023_sp2",
"status": "affected",
"version": "release_2023_golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "release_2024_sp1",
"status": "affected",
"version": "release_2024_golden",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T17:09:18.395045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:17.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2019 SP5",
"status": "affected",
"version": "Release 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP2",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa of Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
}
],
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:19:10.068Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2024-3300",
"datePublished": "2024-05-30T15:19:10.068Z",
"dateReserved": "2024-04-04T09:52:17.520Z",
"dateUpdated": "2024-08-01T20:05:08.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2140
Vulnerability from cvelistv5
Published
2023-04-21 15:48
Modified
2025-02-04 20:27
Severity ?
EPSS score ?
Summary
Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:27:03.162173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:27:09.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2017 SP7",
"status": "affected",
"version": "Apriso 2017 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2018 SP4",
"status": "affected",
"version": "Apriso 2018 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP2",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2022 Golden"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServer-Side Request Forgery vulnerability\u0026nbsp;\u003c/span\u003ein DELMIA Apriso\u0026nbsp;Release 2017 through Release 2022 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 \n\ncould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664: Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T15:48:25.654Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022 ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-2140",
"datePublished": "2023-04-21T15:48:25.654Z",
"dateReserved": "2023-04-18T07:52:26.003Z",
"dateUpdated": "2025-02-04T20:27:09.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-6204
Vulnerability from cvelistv5
Published
2025-08-04 09:14
Modified
2025-08-04 15:50
Severity ?
EPSS score ?
Summary
Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T15:49:53.504308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T15:50:49.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP3",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2025 SP1",
"status": "affected",
"version": "Release 2025 Golden",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
}
],
"value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T09:14:08.343Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-6204",
"datePublished": "2025-08-04T09:14:08.343Z",
"dateReserved": "2025-06-17T14:03:08.909Z",
"dateUpdated": "2025-08-04T15:50:49.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-5086
Vulnerability from cvelistv5
Published
2025-06-02 17:42
Modified
2025-09-12 03:56
Severity ?
EPSS score ?
Summary
Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5086",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-11",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5086"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T03:56:12.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"media-coverage"
],
"url": "https://isc.sans.edu/diary/Exploit+Attempts+for+Dassault+DELMIA+Apriso+CVE20255086/32256"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-11T00:00:00+00:00",
"value": "CVE-2025-5086 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP3",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2025 SP1",
"status": "affected",
"version": "Release 2025 Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hacktron AI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution."
}
],
"value": "A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T06:13:48.084Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-5086",
"datePublished": "2025-06-02T17:42:42.620Z",
"dateReserved": "2025-05-22T11:43:30.702Z",
"dateUpdated": "2025-09-12T03:56:12.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-3301
Vulnerability from cvelistv5
Published
2024-05-30 15:18
Modified
2024-09-03 15:31
Severity ?
EPSS score ?
Summary
Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "delmia_apriso",
"vendor": "3ds",
"versions": [
{
"lessThanOrEqual": "2024",
"status": "affected",
"version": "2019",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T15:27:23.292614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:31:28.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 2019 SP5",
"status": "affected",
"version": "Release 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2020 SP4",
"status": "affected",
"version": "Release 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2021 SP3",
"status": "affected",
"version": "Release 2021 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2022 SP3",
"status": "affected",
"version": "Release 2022 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2023 SP2",
"status": "affected",
"version": "Release 2023 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 2024 SP1",
"status": "affected",
"version": "Release 2024 Golden",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa of Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
}
],
"value": "An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:18:14.217Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2024-3301",
"datePublished": "2024-05-30T15:18:14.217Z",
"dateReserved": "2024-04-04T09:52:26.812Z",
"dateUpdated": "2024-09-03T15:31:28.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2141
Vulnerability from cvelistv5
Published
2023-04-21 15:48
Modified
2025-02-04 20:26
Severity ?
EPSS score ?
Summary
Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Dassault Systèmes | DELMIA Apriso |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:26:47.042599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:26:49.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Apriso",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Apriso 2017 SP7",
"status": "affected",
"version": "Apriso 2017 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2018 SP4",
"status": "affected",
"version": "Apriso 2018 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2019 SP5",
"status": "affected",
"version": "Apriso 2019 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2020 SP4",
"status": "affected",
"version": "Apriso 2020 Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Apriso 2021 SP2",
"status": "affected",
"version": "Apriso 2021 Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Apriso 2022 Golden"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mehdi Elyassa and Vincent Herbulot from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\u003cbr\u003e"
}
],
"value": "An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T15:48:39.800Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022 ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2023-2141",
"datePublished": "2023-04-21T15:48:39.800Z",
"dateReserved": "2023-04-18T07:52:31.574Z",
"dateUpdated": "2025-02-04T20:26:49.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}