Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
CVE-2023-2140

7.5 HIGH

Key Information:

Vendor
CVE Published: 21 April 2023

What is CVE-2023-2140?

A Server-Side Request Forgery (SSRF) vulnerability exists in DELMIA Apriso, affecting multiple releases from 2017 to 2022. The flaw lets an unauthenticated attacker issue requests to arbitrary hosts with the server's privileges. Attackers could therefore reach internal systems or services that should be protected, so applying security patches is important to mitigate this risk.

Affected Version(s)

DELMIA Apriso Apriso 2017 Golden

DELMIA Apriso Apriso 2018 Golden

DELMIA Apriso Apriso 2019 Golden

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mehdi Elyassa and Vincent Herbulot from Synacktiv.