Reflected Cross-Site Scripting Vulnerability Affects 3DSwymer Products
CVE-2024-6377
6.1MEDIUM
Key Information
- Vendor
- Dassault Systèmes
- Status
- 3dswymer
- Vendor
- CVE Published:
- 20 August 2024
Summary
An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.
Affected Version(s)
3DSwymer <= Release 3DEXPERIENCE R2022x Golden
3DSwymer <= Release 3DEXPERIENCE R2023x Golden
3DSwymer <= Release 3DEXPERIENCE R2024x Golden
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Risk change from: 6.1 to: 8.1 - (HIGH)
Risk change from: 6.1 to: 8.1 - (HIGH)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database