Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
CVE-2023-3589

6.8MEDIUM

Key Information:

Vendor: Dassault Systèmes
Status: Teamwork Cloud - Business Edition; Teamwork Cloud - Enterprise Edition; Teamwork Cloud - Business Pro Edition; Teamwork Cloud - Standard Edition
Vendor: CVE Published:; 9 October 2023

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2023-3589?

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.

Affected Version(s)

Teamwork Cloud - Business Edition No Magic Release 2021x Golden

Teamwork Cloud - Business Edition No Magic Release 2022x Golden

Teamwork Cloud - Business Pro Edition No Magic Release 2021x Golden

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2023
Vulnerability Reserved
Jul 10, 2023

Credit

Johannes Rückert from mgm security partners GmbH

CVE-2023-3589 Data

JSON