OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x
CVE-2023-1997

8.8HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Simulia 3dorchestrate
Vendor: CVE Published:; 28 August 2023

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2023-1997?

An OS Command Injection vulnerability has been identified in SIMULIA 3DOrchestrate that affects various releases of the 3DEXPERIENCE platform. This vulnerability allows an attacker to craft a malicious HTTP request that may lead to unauthorized command execution on the server. Proper security measures should be implemented to protect against potential exploitation.

Affected Version(s)

SIMULIA 3DOrchestrate Release 3DEXPERIENCE R2021x Golden

SIMULIA 3DOrchestrate Release 3DEXPERIENCE R2022x Golden

SIMULIA 3DOrchestrate Release 3DEXPERIENCE R2023x Golden

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Apr 12, 2023

JSON