Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
CVE-2023-2140

7.5HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Delmia Apriso
Vendor: CVE Published:; 21 April 2023

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2023-2140?

A Server-Side Request Forgery (SSRF) vulnerability exists in DELMIA Apriso, affecting multiple releases from 2017 to 2022. This flaw can enable an unauthenticated attacker to issue requests to arbitrary hosts, leveraging the server's privileges. As a result, it poses significant risks, as attackers could potentially access internal systems or services that should be protected, underscoring the importance of applying security patches to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DELMIA Apriso Apriso 2017 Golden

DELMIA Apriso Apriso 2018 Golden

DELMIA Apriso Apriso 2019 Golden

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 21, 2023
Vulnerability Reserved
Apr 18, 2023

Credit

Mehdi Elyassa and Vincent Herbulot from Synacktiv

JSON

Dassault Systèmes

What is CVE-2023-2140?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.