Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
CVE-2023-2139

5.4MEDIUM

Key Information:

Vendor: Dassault Systèmes
Status: Delmia Apriso
Vendor: CVE Published:; 21 April 2023

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2023-2139?

A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.

Affected Version(s)

DELMIA Apriso Apriso 2017 Golden

DELMIA Apriso Apriso 2018 Golden

DELMIA Apriso Apriso 2019 Golden

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2023
Vulnerability Reserved
Apr 18, 2023

Credit

Mehdi Elyassa and Vincent Herbulot from Synacktiv