3DEXPERIENCE Vulnerable to OS Command Injection
CVE-2024-1624

9.4 CRITICAL

Key Information:

Vendor
CVE Published: 1 March 2024

What is CVE-2024-1624?

CVE-2024-1624 is an OS command injection vulnerability in the documentation server of certain Dassault Systèmes products. It affects multiple versions of the 3DEXPERIENCE platform, SIMULIA Abaqus, SIMULIA Isight, and CATIA Composer. An attacker could craft a malicious HTTP request to execute arbitrary commands on the system, potentially compromising the integrity and security of the affected applications. Organizations using these products should prioritize timely patching and security measures.

Affected Version(s)

Documentation server Release 3DEXPERIENCE R2022x Golden

Documentation server Release 3DEXPERIENCE R2023x Golden

Documentation server Release 3DEXPERIENCE R2024x Golden

CVSS V3.1

Score: 9.4
Severity: CRITICAL
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
